[skunkworks] Re: Email Impersonation ->help

A friend of mine has had someone write an email to a client in malice purporting to be my friend. Is there a way to find out who the criminal is using available tools?

You could try using mail headers. That will show where the mail originated. You would have to work with the organization that owns that IP from there though.

Most public email providers wouldn't allow you to spoof the source address, but you can do so with private mail systems.

So if the mail is from Gmail etc., it will be easy to prove it's not authentic, but not easy for other mailers unless you get inside assistance.

Muriithi

scenario
Tom my friend has an email account tom.rafiki@bestservices.not
email used for the offence tom.rafiki@outlook.com
In the email, Tom 'the fake' says that he does not want to use his official email so that the corrupt deal is not traced back to him.
The real Tom has a hard time trying to prove that this was not him.
My questions
(i) Is it possible for one to get info from Outlook on such matters, say the date of registration of the email?
(ii) Are there options out there to flush out Tom the fake?
I'm trying to be creative to no avail
R

Thanks @ Muriithi, I'll advise thus,
rgds
*We must Keep on, We can't stop here*

On Mon, Jul 14, 2014 at 4:35 PM, William Muriithi <william.muriithi@gmail.com> wrote:
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke

Try to trace where the email came from, then which computer, then which client was used, then forensically examine the computer used as your main target (Local Data Acquisition or even use Covert Data Acquisition).

This kind of work is under Forensics Sciences and it's called On-line Reputation Management. Most of such attacks are done via social media and emails, but tracing the culprit is easy, but it might take a while. Mobile Phones are the easiest but guys have become more knowledgeable.

In case you have more questions, you can shoot a mail :)

On 7/14/14, joe mwirigi <joemwirigi@gmail.com> wrote:
--
Gichuki John Ndirangu, C.E.H, C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
jgichuki at inbox d0t com
{FORUM}http://lists.my.co.ke/pipermail/security/
http://chuksjonia.blogspot.com/
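
Added example, not part of the original thread: the header tracing that Muriithi and Gichuki describe, in Python. It walks the `Received` chain from the recipient's own server backwards and stops at the first hop stamped by a server you cannot vouch for, since older lines can be forged. The sample message, host names, IPs and the trusted set are constructed assumptions.

```python
import email
import ipaddress
import re

# Constructed message (not from the thread): hosts, IDs and IPs are made-up documentation values.
RAW = (
    "Received: from smtp-out.provider.example ([203.0.113.25])\n"
    "    by mx.client.example with ESMTPS id a1; Mon, 14 Jul 2014 16:02:11 +0300\n"
    "Received: from [192.168.1.23] ([198.51.100.44])\n"
    "    by smtp-out.provider.example with ESMTPSA id b2; Mon, 14 Jul 2014 16:02:05 +0300\n"
    "Received: from host.unverified.example ([192.0.2.10])\n"
    "    by relay.unverified.example with SMTP id c3; Mon, 14 Jul 2014 15:58:40 +0300\n"
    "From: Sender <sender@provider.example>\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# RFC 1918 and loopback ranges: addresses here only identify a host inside someone's LAN.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def parse_hops(raw):
    """Return the Received hops newest-first (the order they appear in the message)."""
    hops = []
    for value in email.message_from_string(raw).get_all("Received", []):
        text = " ".join(value.split())                 # unfold continuation lines
        from_part, _, rest = text.partition(" by ")
        hops.append({
            "ips": IP_RE.findall(from_part),
            "by": rest.split()[0].rstrip(";") if rest else None,
            "date": text.rsplit(";", 1)[-1].strip(),
        })
    return hops

def furthest_verifiable_ip(hops, trusted):
    """Follow the chain from our own server back; stop at the first stamp we cannot vouch for."""
    found = None
    for hop in hops:
        if hop["by"] not in trusted:
            break                                      # older headers may have been forged
        public = [ip for ip in hop["ips"]
                  if not any(ipaddress.ip_address(ip) in net for net in INTERNAL)]
        if public:
            found = {"ip": public[-1], "seen_by": hop["by"], "date": hop["date"]}
    return found

if __name__ == "__main__":
    # Assumption: the recipient's MX and the provider's submission host are the trusted stampers.
    print(furthest_verifiable_ip(parse_hops(RAW), {"mx.client.example", "smtp-out.provider.example"}))
```

The IP and timestamp returned are what you would take to the organization that owns the address. Webmail providers may not record the sender's client IP at all, in which case the verifiable chain ends at the provider.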

I thought this will capture your attention John. Am sure my friend won't mind your services. Am writing you an email on this regard.
Thanks
*We must Keep on, We can't stop here*

On Mon, Jul 14, 2014 at 5:36 PM, Gichuki John Chuksjonia <chuksjonia@gmail.com> wrote:
participants (3): Gichuki John Chuksjonia, joe mwirigi, William Muriithi