[THM] Phishing Emails 2 by TryHackMe


We Meet Again


This module is all about getting into actual phishing email header analysis. The biggest suggestion I have here is to get, and stay, curious about the oddities landing in your mailbox. Do header analysis on all those weird "enhancement" spam emails, and pay close attention in the next module to how potentially malicious payloads are handled, so you learn the safe way to open attachments and links.
But let's dig into this module first.






Task 1

Q: Read the above.
A: No answer needed.





Task 2

Q: What phrase does the gibberish sender email start with?
A: Noreply


Note on this question: they are looking for the phrase the sender's email address itself starts with (the local part before the @), not the display name shown next to it.






Task 3

Q: What is the root domain for each URL? Defang the URL. 
A: devret[.]xyz


Use whatever tools you have available, and get comfortable with CyberChef: its Defang URL recipe handles this one, and it will come in handy for a ton of other questions.
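Added example (not code from the TryHackMe room or from this post): a small Python script that does the two header checks from Task 2 and Task 3 by hand rather than in CyberChef. It parses a raw email, pulls the sender address out of the From header, reports the phrase its local part starts with, extracts every URL from the body, and returns the root domain of each URL and its defanged form. The email below is constructed for the example; the devret.xyz root domain comes from the room's answer, but the subdomains, mailbox name, paths and the 203.0.113.10 address are made up. The defang rule (hxxp scheme plus [.] for every dot) and the "last two labels" root-domain rule are assumptions of this script, not the room's definitions.

```python
"""Sender and URL triage for a raw phishing email (added example)."""
import email
import json
import re
from email import policy
from urllib.parse import urlparse

# Constructed sample message for this example; headers, mailbox and paths are made up.
RAW_EMAIL = b"""\
Return-Path: <noreply-x7q9kz@mail.devret.xyz>
From: "OneDrive Sharing" <noreply-x7q9kz@mail.devret.xyz>
To: victim@example.com
Subject: Your document is waiting - action required within 24 hours
Content-Type: text/plain; charset="utf-8"

A file has been shared with you. Review it now:
https://login.devret.xyz/office/signin?id=1234
http://cdn.devret.xyz/assets/logo.png
Backup link: https://203.0.113.10/verify
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+")
IPV4_RE = re.compile(r"\d{1,3}(\.\d{1,3}){3}")


def defang(text: str) -> str:
    """Make a URL or address non-clickable for a report.
    Assumed convention: http -> hxxp in the scheme and every '.' -> '[.]'."""
    text = re.sub(r"^https?://", lambda m: m.group(0).replace("http", "hxxp"), text)
    return text.replace(".", "[.]")


def root_domain(host: str) -> str:
    """Registrable domain under a simple 'last two labels' rule.
    Caveat: multi-part public suffixes (co.uk, com.au) need the Public Suffix
    List (e.g. the tldextract package). IPv4 literals are returned unchanged."""
    if IPV4_RE.fullmatch(host):
        return host
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def sender_address(raw: bytes) -> str:
    """The addr-spec from the From header; the display name is attacker-controlled."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return msg["From"].addresses[0].addr_spec


def sender_prefix(addr: str) -> str:
    """The phrase the local part starts with, e.g. 'noreply' from 'noreply-x7q9kz'."""
    local = addr.split("@", 1)[0]
    return re.split(r"[-_.+]", local, maxsplit=1)[0]


def extract_urls(raw: bytes) -> list[str]:
    """All http(s) URLs in the text body (falls back to the HTML part if needed)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html")).get_content()
    return URL_RE.findall(body)


def analyse(raw: bytes) -> dict:
    """Everything a Task 2 / Task 3 style question asks for, defanged for pasting."""
    addr = sender_address(raw)
    return {
        "sender": defang(addr),
        "sender_prefix": sender_prefix(addr),
        "sender_root": root_domain(addr.split("@", 1)[1]),
        "urls": [
            {"defanged": defang(u), "root": root_domain(urlparse(u).hostname)}
            for u in extract_urls(raw)
        ],
    }


if __name__ == "__main__":
    print(json.dumps(analyse(RAW_EMAIL), indent=2))
```

Run it with no arguments to see the constructed sample analysed; swap RAW_EMAIL for the bytes of a saved .eml to use it on a real sample. Only the From addr-spec is used on purpose: the quoted display name is free text the sender chooses, so it is never the thing to grade.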





Task 4

Q: This email sample used the names of a few major companies, their products, and logos such as OneDrive and Adobe. What other company name was used in this phishing email?
A: Citrix


See the screenshots in the module for this answer; the relevant one is below #3.




Task 5

Q: What should users do if they receive a suspicious email or text message claiming to be from Netflix?
A: forward the message to phishing@netflix.com


Here's where the hint is helpful, because the exact wording is needed.






Task 6

Q: What does BCC mean?
A: Blind carbon copy
Q: What technique was used to persuade the victim to not ignore the email and act swiftly?
A: Urgency


Urgency is a very common technique in all kinds of social engineering attacks; check out some examples in the Attack Simulator article "Social engineering attacks: 12 famous cases you probably forgot".






Task 7

Q: What is the name of the executable that the Excel attachment attempts to run?
A: regasms.exe


Get a close-up look at that document in the screenshots.






Task 8

Q: Read the above.
A: No answer needed.
