Are you worried about spam or probably malicious inquiry by someone pretending to be your client? There fear not we are here to help you find the truth. Many times you will get fake emails asking for compensation or claiming damages or products. Many of these emails contact phishing and other spyware links that want to harm your business. You might already know these emails are the number 1 source of phishing since they are very easy to manipulate.
And you can guess the importance of knowing everything you can about the bank email you just received asking for account information or a fake client trying to access your data by pretending to be a customer. So here is how you can track and email and find if the source is legit or not.
Table of contents
So let’s start with how exactly email tracking and tracing works:
Emails, when received, contain a lot of raw network information that is generally hidden from the user. By using hidden information popularly known as raw information, we can effectively track an email and find in-depth information about the source of the email.
The way this works is we copy the raw header information (exact steps will be shown below). The tools and websites given below will use this IP and header information to trace the origin of the email address and the geographical location from where it was sent from. Tracing the information is legal since you have every right to do so. Still, you might want to check your country’s laws regarding the same just in case something has changed over the years we have written the article.
For this tutorial, I will use a phishing email that was sent to me in an attempt to compromise my Amazon account. Luckily I used my email tracking skills to find out the truth about the email source. So let’s begin
Step 1: Getting the raw information to trace emails
Open the mail and check the raw information to track email t. For convenience, I will show you how to do this on Gmail. Since it is the most popularly used email service:
Open the email you want to trace:
Click on more and “show original” option as shown below:
Once you have the data just copy it and follow step 2.
Step 2: Open the email tracer application or websites.
Installing so many apps is a hassle, so I have decided to show two of my favorite websites for tracking and tracing emails.
Both of them work the same way. For this tutorial, I will use ip2location.
Copy the email header information from step 1 and copy-paste it in the header section as shown in the images below.
Once you are done. Click on the lookup button to track email.
Step 3: Analysing the output.
You will get a lot of information, as shown below:
Note how the information shows that the original source is not amazon.com but wowrack.com.
This proves that this was a phishing email targeted at me. The second IP was a fake netflix server intended to trick me into believing that the email was from the actual netflix.com.
In my case the original source message was from scaleway.com and from there it went to a fake Netflix. Then from their, an email message was sent to me asking me for information and login.
You can see how easily someone can be fooled into thinking this mail is from Netflix. That is why we need to be careful, especially with emails and attachments. Make sure you report spam and phishing messages as they will make Google spam detection that much better.
We have learned how to trace emails to the source. We have also learned how to identify phishing emails and prevent hackers from gaining sensitive information about us.
Use fake emails where your real email address is not required.
This is one of the methods hackers use to hack your accounts by sending fake emails claiming to be the bank or service you regularly use. This is just one of the ways to detect phishing. Soon I will write a dedicated article on detecting phishing attacks. Keep supporting the hacking world till then.
Commonly asked questions
Q1. Is this tool foolproof?
There is no such 100% guarantee. Instead, my recommendation is to use two or more tools. If both the tools show that the email cannot be trusted then report it as spam and block the sender. Better be safe then sorry. You can also inform the legal authorities if you are unsure.
Q2. Can I only use the email address without header information for tracing emails?
Yes, but it will be very inaccurate and frankly useless if you ask me since the way this works is different. Try to get the header information or simply ignore the mail. Never trust emails unless they are properly verified.
Q3. Are these email tracking and tracing tools and websites legal to use?
Yes, they are legal. Since you have the right to know where the message you received came from. Some country laws might not agree with me. So I suggest checking your country’s laws just in case.
Q4. I use an antivirus. Do I still need to be worried about emails?
Antivirus generally does not check phishing emails and phishing pages. Even if they do, their ability is fairly limited since hackers keep making new and convincing phishing pages. For this reason, trust only yourself. To install a good antivirus but also keep good vigilance while clicking on emails and attachments.
Hopefully, you guys liked the article do share the articles as much as you can. Tracing Email can be done in many other different ways.