The COVID-19 pandemic has resulted in people ramping up online activities: working from home, shopping online and relying more on online services. Recently, we came across a spam email lurking in the wild. This spam email is disguised as a message from a known logistics company and has an unusual attachment. Malicious attackers trick the victim into believing that the email is legitimate by using a legitimate domain in the sender’s email address. The content is also properly constructed and uses a known logo, making it difficult to spot that it is a malicious email.

Figure 1.0 Spam email with .jnlp attachment

As threats become more prominent, we should always be cautious. These are some indicators that show this email is suspicious and not legitimate:

Checking the email header, we can see that the “received from” value, which is in the green box in Figure 2.0, didn’t match the “from” field (the visible sender of the email). The “received from” data is the most reliable, and it is where we can see the real sender of the email. Upon researching, the domain in the “received from” header is not related to DHL. An additional check is the Received-SPF: softfail result. It says that the “domain of DHL.COM does not designate 45.88.105.192 as permitted sender”. Upon checking, the IP address 45.88.105.192 in the “received from” is also not related to DHL.

A jnlp file is a Java Network Launch Protocol file, which is an unusual attachment for an email. We will now proceed to the analysis of the jnlp file attachment, which has the filename “invoice.jnlp”.
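The header and attachment indicators described above can be checked programmatically. The following Python code is an added example, not code from the original post; the sample message is constructed, and the relay hostname `mail.relay.example`, the sender address and the `RISKY_EXT` list are assumptions, while the IP address and SPF wording are the ones quoted in the text.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample message. The relay hostname, sender address and MIME
# layout are assumptions; the IP and SPF wording are the ones quoted above.
SAMPLE = """\
Received: from mail.relay.example (mail.relay.example [45.88.105.192])
\tby mx.recipient.example with ESMTP; Fri, 01 Jan 2021 00:00:00 +0000
Received-SPF: softfail (domain of DHL.COM does not designate
\t45.88.105.192 as permitted sender) client-ip=45.88.105.192;
From: DHL Express <noreply@dhl.com>
Subject: Invoice
Content-Type: multipart/mixed; boundary="b"

--b
Content-Type: application/x-java-jnlp-file
Content-Disposition: attachment; filename="invoice.jnlp"

<jnlp/>
--b--
"""
RISKY_EXT = (".jnlp", ".jar", ".hta", ".vbs")  # assumed list of unusual types

def triage(raw):
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    from_domain = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    # Topmost Received header is added by the receiving server: the bracketed
    # IP is what it saw, the leading hostname is what the sender claimed.
    received = msg.get_all("Received") or [""]
    top = " ".join(str(received[0]).split())
    m = re.search(r"from\s+(\S+)\s+\((?:\S+\s+)?\[([0-9A-Fa-f.:]+)\]\)", top)
    if m:
        host, ip = m.group(1).lower(), m.group(2)
        if host != from_domain and not host.endswith("." + from_domain):
            findings.append(f"relay {host} [{ip}] is outside From domain {from_domain}")
    spf = str(msg.get("Received-SPF", "")).split()
    if spf and spf[0].lower() != "pass":
        findings.append(f"SPF result is {spf[0].lower()}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            findings.append(f"unusual attachment {name}")
    return findings

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)))
```

A softfail or a mismatched relay on its own can also occur with legitimate forwarding or third-party mail services, so treat the findings as triage signals to be weighed together, as the post does.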