How to determine the IP address by E-mail

BadB



As the number of people using the Internet on a daily basis grows, so does the number of fraudsters in this area. Inexperienced users (especially the elderly) can easily fall prey to them.
Those who want to profit at someone else's expense pose as employees of reputable services and organizations, replacing their real address with a corporate one. Links to malicious programs can arrive in your mailbox disguised as messages from banks and mailings from popular online stores.
You can be sent a letter, for example, from a payment system (or Qiwi-Wallet, bank-online, etc.). By clicking on the link in such a message, you will be taken to a fake site (imitating the original as closely as possible), and there you voluntarily surrender all your personal data (including your password). The scammers can then do whatever they want with them: transfer and cash out money, shop online, and even take out loans in your name from microfinance organizations.
In order not to fall for the bait of such scammers, it is necessary to be able to distinguish such mailings from the real ones. We will analyze how to do this in our article.

Anatomy of an Email.
When sending and receiving emails, the average user rarely thinks about what happens with these emails along the way. Delivery is carried out in a matter of seconds, regardless of the location of the addressee. We receive messages, photos, videos, useful links and a ton of other information. Mom sends recipes to her daughter, colleagues to each other - reports and working materials, banks and credit organizations - information on debts, account transactions, etc.
It seems to us that communication takes place directly: from hand to hand. However, this is not quite true. In the process of sending and receiving, in addition to the computers of the sender and the recipient, at least two more mail servers are involved.
Each of them works according to certain rules, which are regulated by special protocols: SMTP (Simple Mail Transfer Protocol) - mail transfer, POP3 (Post Office Protocol, version 3) - mail reception or IMAP - access to mailboxes located on the mail server.
Literally in the seconds that it takes to forward your letter, mail services supplement it with a mass of information. For example, through Mail.ru I received such a laconic letter (only 4 lines of text) allegedly from an international trading company Amazon. The mail server helpfully identified it as spam and sent it to the appropriate folder. How did it come to this decision?
In order to see the information added by mail servers, you must click on the "More" button on the top command line.
After that, click on the bottom line of the drop-down list called "Service headers".
In a separate window, the same service information will open, which is added to any e-mail by mail servers:


Impressive? And that's all for the 4-line message! In addition to the sender and recipient addresses, the date and time of sending, the sender's IP address, the individual message number and a host of other service information are listed here.
If you use other mail services, you can get the same information there as well. For example, in another popular mail service - Gmail - you need to click on the three dots in the upper right corner (email header) and then select the line "Show original".
In a new window, you can see the message identifier, from whom and to whom the letter was sent.
How can this information be useful to us? The most valuable of all this is the IP address information.

How to find the IP address through the service header of the letter.
If you have never come across the concept of an IP address . Knowing it can provide a lot of valuable information about the sender of an email message. Find the IP value in the text of the service header of the letter:


Since letters can be redirected through several servers, if there are several IPs in the "Service header" section, you need to look at the one that, as a rule (but not always), is located below the others. The digital value we need should be in the "Received" section, while the "From" section (bottom line) contains the alleged Amazon address (it is the content of this field that the scammers fake in order to impersonate someone else).
If you do not want to dig into service headers, it is even easier to determine the sender's IP through the service "Determining the IP address by E-mail".

The procedure is as follows:
  1. You open a questionable letter, the address of which needs to be verified.
  2. Please forward it to a special address: knowemailip@gmail.com.
  3. After a few seconds, enter the email address of the suspicious sender in the window of our service.
  4. Click the "Check" button:

You can use this service through mail clients, for example, through The Bat.
Information on the server is stored for no more than an hour, so it is better to perform all actions during this time (both sending the letter and checking it through "Determining the IP address by E-mail").

What to do next with the received IP address?
The resulting IP address will not help to determine the exact postal address of the sender, but it will indicate the region where the server is located, the organization it is registered to, and information about the provider.
You can use several services to determine the location. For example, through this one: "Determine the location". By default, it detects your own location.
Enter in the search window the IP address that you found in the service header or received through our service "Determining the IP address by E-mail" and click the "Check" button.
Location data is displayed in the form of an interactive map with brief accompanying information about the country, city, organization and provider of the IP of interest to us.


Thus, it turns out that they are "trying" to make my "electronic transfer" from Sweden, while I make purchases on Amazon exclusively through the UK. This, of course, happens: the offices of international companies can be located in different countries. But it can also be a warning sign, especially if you know exactly where the representative offices of the companies on whose behalf you receive mailings are located. A similar check can be carried out when receiving strange letters through contacts on dating sites: they allegedly write from the USA or Italy, and the IP address is determined in Yerevan or the nearest Moscow region.

I am also informed about problems with this letter by the Mail.ru mail server, which does not consider this address an "approved sender" and automatically places messages from it in the "Spam" folder. Mail.ru (as well as other "mailers") automatically compares the parameters from the "Received" and "From" fields of the service header and, if they do not match, classifies such messages as dubious. When clicking on the link from such a letter, instead of a transfer, I risk getting only a lot of trouble.

The IP address location service called "IP address or domain information" works in a similar way.
To obtain information, you need to enter the numerical value of the IP and click on the "Check" button.
In the final results, you can see not only the region where the provider is located and its name, but also contact information. If you wish, you can file a complaint about spam mailing at the specified phone number or postal address:


Spoofing email headers.
As we can see from the analyzed example, it is not difficult for fraudsters to partially fake the letter header. Quite often this is practiced in order to impersonate a representative of a well-known company or service.

For example, you can send a malicious program from a address disguised as a letter from a support employee.
After opening the "Service header" section, you can find out that the real address of the sender is completely different, and the letter was forwarded using different addresses and services.


In this case, the sender's IP address is located in Irkutsk:


Fraudsters who use such schemes often imitate the mailings of online payment services, postal services, banks and credit organizations, social networks, popular dating services, etc.
Be vigilant when receiving questionable emails and teach this to your elderly parents and children who have not yet fully mastered the intricacies of online communication. Teach them to recognize the main signs of fraud and in no case do the actions that are asked for in the letter.
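The "Received" walk from the section on service headers, as an added example that is not part of the original post: it reads the lowest external IP the way the article does, and next to it the IP that the recipient's own server recorded at handoff, because every "Received" line below that point is written by sender-side systems and can be forged (the "not always" case). The message, host names, addresses and the `own_domain` parameter are constructed for illustration.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# Constructed sample: made-up hosts, documentation/private-range IPs.
RAW = """\
Received: from mx.recipient.example ([10.0.0.5])
\tby store.recipient.example with LMTP; Mon, 1 Jan 2024 10:00:03 +0000
Received: from relay.bulk-sender.example ([203.0.113.45])
\tby mx.recipient.example with ESMTP; Mon, 1 Jan 2024 10:00:02 +0000
Received: from desktop ([198.51.100.23])
\tby relay.bulk-sender.example with ESMTPA; Mon, 1 Jan 2024 10:00:01 +0000
From: "Amazon" <orders@amazon.example>
To: user@recipient.example
Subject: Your electronic transfer

Four lines of text.
"""

HOP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\].*?\bby\s+([\w.-]+)", re.S)
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def hops(msg):
    """(peer_ip, recording_host) per Received header, newest first as stored."""
    out = []
    for value in msg.get_all("Received", []):
        m = HOP_RE.search(value)
        try:
            if m:
                out.append((ipaddress.ip_address(m.group(1)), m.group(2).lower()))
        except ValueError:
            pass  # bracketed text that is not an IP address
    return out

def analyse(raw, own_domain):
    """own_domain: domain of the recipient's own mail servers (assumed known)."""
    msg = email.message_from_string(raw)
    external = [(ip, by) for ip, by in hops(msg)
                if not any(ip in net for net in INTERNAL)]
    # Lowest external hop: what the article reads off, but sender-supplied.
    claimed = str(external[-1][0]) if external else None
    # Topmost external hop recorded by our own server: not sender-controlled.
    verified = next((str(ip) for ip, by in external
                     if by == own_domain or by.endswith("." + own_domain)), None)
    sender = parseaddr(msg.get("From", ""))[1]
    return {"claimed_origin": claimed, "verified_handoff": verified,
            "from_domain": sender.rpartition("@")[2].lower()}
```

When `verified_handoff` belongs to a relay unrelated to `from_domain`, the "From" line deserves no trust, and `claimed_origin` should be treated as a lead rather than as evidence.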
 
How to find out a user's IP via Steam

This article is presented for informational purposes only and does not carry a call to action. All information is aimed at protecting readers from illegal actions.
1. First, we need to download Wireshark (not an ad) from the official website.

2. After downloading, open the program. From the list, select the network through which you are connected to the Internet.


Click Start.

3. After we have received the packets, enter the word classicstun in the Filter line

4. Now we call a friend and "catch" new packets. The blue lines that appear indicate the desired IP address.



In the screenshots: 192.168.25.101 is the local IP address of the interlocutor, and 178.206.190.127 is the normal IP address.



A fix may be expected in the near future. Use it.
 