.. /.Eml

Phishing

Author:

mr.d0x

Description:

EML is a file extension for a saved email message. EML files can have spoofed contents within and therefore should not be trusted.

OS:

Windows
Linux
Mac

Recommendation:

EML files sometimes have legitimate uses and therefore it's not always feasible to block them. Users should be trained to understand that contents of EML files are not necessarily legitimate.

Resources:

https://isc.sans.edu/forums/diary/EML+attachments+in+O365+a+recipe+for+phishing/25474/

File Samples:

Contributions: