Retrieving Email Source Code

From CastleCopsWiki

Jump to: navigation, search

The best, most complete, information identifying a suspected phishing exploit is the complete source of the email solicitation. This will contain the IP address of the system that originated the email, positive identification of the institution being imitated, and the Uniform Resource Locater (URL) of the fraudulent site to which the recipient is directed. It may additionally provide important clues about where the scam originated, who is responsible, and disclose trends in this criminal activity. The following guidelines describe the steps necessary to retrieve the full email source in several popular webmail and desktop email clients. If your particular application is not listed here please post a query in the Castlecops Phishing, Fraud, and Dastardly Deeds forum and we will do our best to publish suitable instructions. Any errors or points of confusion may be posted there as well.

[edit] Email Previewers

FireTrust MailWasher Pro (MWP)

[edit] Desktop Email Clients

Mail (OS X)

Microsoft Outlook Express

Microsoft Outlook

Mozilla Thunderbird

Eudora 6.2 (Windows)

Lotus Notes

[edit] Webmail Interfaces

Google Gmail

Microsoft Hotmail

Yahoo Mail


The Phishing Scam

Introduction: | What is: Phishing? | Pharming? | Social Engineering?

The Anatomy of a Phishing Scam: | Signs of a scam

Reporting Phishing Scams: | Fried Phish

Retrieving Email Source Code: | MWP | OE | Outlook | TB | Gmail | Hotmail

edit this template

Retrieved from "http://wiki.castlecops.com/Retrieving_Email_Source_Code"
Personal tools