Retrieving URLs from Emails

From CastleCopsWiki

Jump to: navigation, search

In those cases when it is impossible to retrieve the entire email source code it is still possible to report a suspected phish using only the Uniform Resource Locater (URL) of the fraudulent site. Note that most phishing emails will use some sort of obfuscation to disguise this URL so simply copying the text as it appears will seldom give the handlers the information that they need to analyze the threat. As an example, the image below, taken from a real phish, shows a clickable link ending in ...tails_confirmation_page_do. When the cursor is hovered over the image, however, the address bar shows an entirely different URL ending in ...mgmcomps.com/r1/p/.

Image:Tbird2.jpg

Retrieving the correct URL is generally as simple as hovering over the link and clicking on Copy Shortcut (for Microsoft products) or Copy Link Location (for Mozilla products). Some examples follow.

Image:Oe5.jpg

Microsoft Outlook Express

Image:Tbird3.jpg

Mozilla Thunderbird

Image:Gmailcap.jpg

Google Gmail viewed in Mozilla Firefox


The Phishing Scam

Introduction: | What is: Phishing? | Pharming? | Social Engineering?

The Anatomy of a Phishing Scam: | Signs of a scam

Reporting Phishing Scams: | Fried Phish

Retrieving Email Source Code: | MWP | OE | Outlook | TB | Gmail | Hotmail

edit this template

Retrieved from "http://wiki.castlecops.com/Retrieving_URLs_from_Emails"
Personal tools