Cyber@ANZ - Social Engineering Investigation
Read this in "about 3 minutes".
Task Description
You have been assigned 7 emails to investigate. Some of these emails may contain content which can be classed as malicious, due to a number of reasons. They may contain malicious attachments, suspicious links, or Phishing attempts to gather private account information from the user.
You are expected to report your findings on each email, so that we can either block or release these emails to the users.
Download Emails: here.
Solutions
Email 1
Safe
- The email does not contain a link or attachment.
- It appears to be a typical conversation between friends.
Email 2
Malicious
- There is no formal email greeting.
- The email started with an abnormal “One Drive..” header.
- Inconsistency in writing. For example, “office 365 Email”.
- The spelling mistake in “recevie”.
- The attacker tries to convince the user to click on the “UPDATE YOUR ACCOUNT” leading to an unknown page.
- The words “ADOBE PDF” and “SECURITY” are unreasonably capitalized.
- Overall, the email is poorly written, with multiple spelling mistakes and inconsistent formatting. The final purpose is to trick the user into downloading and opening a dubious Adobe PDF file.
Email 3
Malicious
- The address is not legitimate due to the “b” letter and the Top Level Domain (TLD) of “.opt”, which indicates a malicious Facebook website.
- Overall, the user has been instilled a sense of curiosity to click on a malicious link.
Email 4
Malicious/Spam
- By inspecting the header information, we discover that the email is initially from Massdrop and is then forwarded by Adam.
- The email is written inconsistently, with some grammar errors in “a new adjustments”.
- There is potentially a high chance that Adam had modified the original email and the “SEE MORE” link location, which clicking on will redirect the user to land on an unknown website.
Email 5
Malicious
- The sender does not know the user’s identity. As a result, he/she solely “Hi” without mentioning the user’s name.
- The email is so generic that it could apply to anyone.
- The sender tries to instill a sense of urgency to hopefully compromise the user’s credentials.
Email 6
Safe
- Both Reuben and Alan are using ANZ business email.
- In general, the email looks legitimate and professional, while both the sender and responder seem to be on the same page.
Email 7
Malicious
- The email contains one dubious link leading to a suspicious website.
- Overall, the marketing email is not professional and lacks information but an address leads to an unknown source.