Phishing email discovery

Preston Miller wrote a post in which he develops a small script that demonstrates some of the basic functions of pypff. In particular, the e-mail headers are compared to identify emails in which the "From" address does not match the "Reply-To" or "Return-Path" address. The idea is that phishing emails are usually one-off, and if there are additional attempts, they usually come from different email addresses. Requiring the presence of one or more attachments weeds out probably benign messages (unless they use a link rather than an attachment).

 


The idea with this script is to demonstrate some functions of the pypff library and, hopefully, to provide a useful sorting script. When I developed the code, I thought about a simpler, but probably just as valuable, script using this library. If you want to practice your Python development, write a script that iterates through a PST or OST, identifies all messages from each unique email address / domain, and then selects only those email addresses / domains that have one message associated with them and for which the Bind variable is greater than one.
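The header comparison and the one-off-sender filter described above can be sketched as follows. This is an added example, not Preston Miller's script: it works on raw header text rather than on a PST so that it runs without pypff, and the function names and sample headers are constructed for illustration.

```python
from collections import Counter
from email import message_from_string
from email.utils import getaddresses

# Constructed header blocks for illustration; not taken from a real mailbox.
SAMPLE_HEADERS = [
    'From: "IT Support" <helpdesk@corp.example>\nReply-To: support@mail-corp.example\n'
    "Return-Path: <bounce@mail-corp.example>\nSubject: Password expiry\n\n",
    "From: Alice <ALICE@corp.example>\nReply-To: alice@corp.example\nSubject: Minutes\n\n",
    "From: alice@corp.example\nReturn-Path: <alice@corp.example>\nSubject: Agenda\n\n",
    "From: mailer-daemon@corp.example\nReturn-Path: <>\nSubject: Undeliverable\n\n",
    "From: news@vendor.example\nReturn-Path: <bounces@esp.example>\nSubject: May issue\n\n",
    "From: news@vendor.example\nReturn-Path: <bounces@esp.example>\nSubject: June issue\n\n",
]


def addresses(msg, field):
    """Return the lower-cased addresses from every instance of a header field."""
    values = [str(v) for v in msg.get_all(field, [])]
    return {addr.lower() for _, addr in getaddresses(values) if addr}


def triage(header_blocks):
    """Return (index, sender, mismatched_fields, one_off) for each mismatch."""
    parsed = [message_from_string(block) for block in header_blocks]
    # How many messages in the mailbox each From address sent.
    sent = Counter(a for msg in parsed for a in addresses(msg, "From"))
    findings = []
    for index, msg in enumerate(parsed):
        senders = addresses(msg, "From")
        mismatched = [
            field for field in ("Reply-To", "Return-Path")
            # An absent or empty field (e.g. "Return-Path: <>") is not a mismatch.
            if addresses(msg, field) and not addresses(msg, field) & senders
        ]
        if mismatched:
            one_off = all(sent[a] == 1 for a in senders)
            findings.append((index, ", ".join(sorted(senders)), mismatched, one_off))
    return findings


def suspicious(header_blocks):
    """Keep only mismatches whose sender appears once in the mailbox."""
    return [f for f in triage(header_blocks) if f[3]]


if __name__ == "__main__":
    for finding in suspicious(SAMPLE_HEADERS):
        print(finding)
```

The two newsletter messages show why the sender count matters: bulk mail sent through a third-party service routinely carries a different Return-Path, so a mismatch alone produces a noisy list.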

You can read about this script, and more, here.