IT-Seal Logo Social Engineering Analysis LabsIT-Seal Logo Social Engineering Analysis Labs

Die Zukunft der Informationssicherheit
liegt nun in ihren Händen. Endlich.

Image: SECUSO

Detect phishing e-mails quickly and easily: TORPEDO Add-on for Mozilla Thunderbird - by SECUSO

Author: Desirée Ney, 31. August 2017
Reading time: 4 minutes

What is phishing?

The term phishing is based on the English word fishing and refers to an attempt to commit fraud by e-mail. Figuratively speaking, it is a matter of fishing for passwords, which are then used to abuse personal data or harm the owner of a bank account. Phishing is thus a "social engineering" or "social hacking" method – the psychological manipulation of people by the exploitation of social norms or human nature. The recipient receives a trustworthy seeming e-mail during phishing, for example from PayPal, Amazon, Apple or even supposedly from their own boss (known as "CEO Fraud"). For example, these e-mails may contain dangerous web links (URLs) that link to fake websites in order to subsequently misuse the data entered. The URL and the domain contained therein can be used to check which page the web link leads to and the risk can be estimated by the user.
By far the most successful phishing method is spear phishing, where attackers specifically collect personal information about companies or selected employees to launch individualized and highly professional cyber attacks. An effective way to protect yourself as a company against phishing attacks is to conduct phishing simulations to increase employee security awareness and capture the phishing security level.
The following is a good safeguard for private individuals against phishing.

Download, installation and tutorial of TORPEDO

The add-on TORPEDO is available free of charge for the free e-mail application Mozilla Thunderbird and was developed by members of the SECUSO research group of the KIT Karlsruhe (former TU Darmstadt). The tool promises quick and easy help to detect fake links in phishing e-mails. After downloading the "torpedo. xpi" file, the add-on only needs to be installed in Thunderbird itself. In the settings of the program in the "Add-ons" folder, the file can be selected and installed easily. After that, the program will be restarted and a clear and informative tutorial for using TORPEDO will be offered. The URL check and the operation of the add-on are explained in a way that is easy to understand.

Using TORPEDO correctly

It is possible to expose a phishing e-mail using the links found therein. If you move the mouse over a link after installing the add-on, the actual URL is displayed by a tooltip. A green frame in the tooltip indicates that the domain (the given area in the URL) is low risk because it belongs to a list of the 100 most visited websites. To simplify recognition, the domain is printed in bold. (Image Source Torpedo Add-on)

TORPEDO add-on thunderbird green frame phishing protection

If the tooltip has a blue frame, the risk is also low because the domain has been visited manually at least twice since the installation of TORPEDO and has been included in the list of secure websites. (Image Source Torpedo Add-on)

TORPEDO add-on thunderbird blue frame phishing protection

A gray frame, on the other hand, indicates that the URL is unknown and could be dangerous. Therefore, the URL should be checked carefully, with the focus on the target domain. The target domain is displayed in bold, so that it is easy to see where the link leads the user. If the link is dangerous, the e-mail should be deleted. However, if the URL is known to the user, it can be classified as harmless via the menu. (Image Source Torpedo Add-on)

TORPEDO add-on thunderbird gray frame phishing protection

The following picture shows an e-mail allegedly from Amazon. The domain displayed bold by TORPEDO indicates that the URL leads to "de-index. info". (Image Source Torpedo Add-on)

Amazon Phishing E-Mail TORPEDO display

For this reason it is important to always be careful and check the URL thoroughly. Activating the potentially harmful link during the investigation is prevented by a delay of three seconds. However, the delay time can be changed. For more information, you can click on a small "i" in the tooltip.

Using the TORPEDO menu

The menu is structured very clearly and offers the following options:

1. classify a domain as harmless

2. use an integrated search engine to find the target of the URL

3. select a short and long version of the tooltip

4. switch between a normal and large font size

5. open TORPEDO settings  

The delay can be adjusted or deactivated in the settings and the list of URLs classified as low risk by developers and users can be retrieved and edited. (Image Source Torpedo Add-on)

Conclusion

With TORPEDO you can easily, quickly and securely identify the target domain behind the URL in an e-mail and check it to protect yourself from phishing e-mails. TORPEDO is therefore very helpful for anyone who is not well versed in recognizing potentially dangerous URLs. However, this does of course not offer 100% protection and requires the user to think along – something that can also be trained in a professional, protected environment.

Was zeichnet uns aus:

Umfassende & standardisierte Analyse
Identifizierung & Quantifizierung 
der Sicherheitsprobleme
Made in Security Valley Darmstadt
Wissenschaftlich validiertes Konzept

Keep in touch:
Subscribe to our social media channels