If you wanted to feel like a real ethical hacker and trace emails or track emails as they show in the movies and Tv shows using header information or god-level techniques (just to track email), then you have come to the right place. Today we will show you how exactly you can trace email and all the information from an email you have received. Now you might be wondering why do I care about tracing email and it’s information? Like who cares really?
Well, it turns out you should care about it mainly because emails are the number one source of phishing. And you can guess the importance of knowing everything you can about the bank email you just received asking for account information.
Table of contents
So let’s start with how exactly track email and tracing works?
Emails, when received, contain a lot of raw network information which is generally hidden from the user. By using the hidden information popularly known as raw information, we can effectively track an email and find in-depth information about the source of the email.
The way this works is we copy the raw header information (exact steps will be shown below). The tools and websites given below will use this IP and header information to trace the origin of the email address and the geographical location from where it was sent from. Tracing the information is legal since you have every right to do so. Still, you might want to check your country’s laws regarding the same just in case.
Trace Emails-
For this tutorial, I will use a phishing email that was sent to me as an attempt to compromise my amazon account. Luckily I used my email tracking skills to find out the truth about the email source. So let’s begin
Step 1: Getting the raw information to trace emails
Open the mail and check the raw information to track email t. For convenience, I will show how to do this on Gmail. Since it is the most popularly used email service:
Open the email you want to trace:
Click on more and “show original” option as shown below:
Once you have the data just copy it and follow step 2.
Step 2: Open the email tracer application or websites.
Installing so many apps is a hassle, so I have decided to show two of my favorite websites for tracking and tracing emails.
Link: https://www.ip2location.com/free/email-tracer
Link: https://whatismyipaddress.com/trace-email
Both of them work the same way. For this tutorial, I will use ip2location.
Copy the email header information from step 1 and copy-paste it in the header section as shown in the images below.
Once you are done. Click on the lookup button to track email.
Step 3: Analysing the output.
You will get a lot of information, as shown below:
Note how the information shows that the original source is not amazon.com but wowrack.com.
This proves that this was a phishing email targeted at me. The second IP was a fake amazon server intended to trick me into believing that the email was from the actual amazon.com.
| IP Address | 216.244.76.116 |
|---|---|
| Country | United States |
| Region & City | Washington, Seattle |
| Coordinates | 47.620620, -122.310960 (47°37’14″N 122°18’39″W) |
| ISP | Wowrack.com |
| Local Time | 21 Sep, 2019 09:37 AM (UTC -07:00) |
| Domain | wowrack.com |
| Net Speed | (COMP) Company/T1 |
| IDD & Area Code | (1) 206 |
| ZIP Code | 98168 |
| Weather Station | Seattle (USWA0395) |
| Mobile Carrier | – |
| Mobile Country Code (MCC) | – |
| Mobile Network Code (MNC) | – |
| Elevation | 47m |
| Usage Type | (DCH) Data Center/Web Hosting/Transit |
| IP Address | 15.164.56.245 |
|---|---|
| Country | Korea, Republic of |
| Region & City | Seoul-teukbyeolsi, Seoul |
| Coordinates | 37.568260, 126.977830 (37°34’6″N 126°58’40″E) |
| ISP | AWS Asia Pacific (Seoul) Region |
| Local Time | 22 Sep, 2019 01:37 AM (UTC +09:00) |
| Domain | amazon.com |
| Net Speed | (COMP) Company/T1 |
| IDD & Area Code | (82) 02 |
| ZIP Code | 100-101 |
| Weather Station | Seoul (KSXX0037) |
| Mobile Carrier | – |
| Mobile Country Code (MCC) | – |
| Mobile Network Code (MNC) | – |
| Elevation | 54m |
| Usage Type | (DCH) Data Center/Web Hosting/Transit |
In my case the original source message was from wowrack.com and from there it went to a fake amazon server. Then from the fake amazon server, an email message was sent to me asking me for information and login.
You can see how easily someone can be fooled thinking this mail is from amazon. That is why we need to be careful, especially with emails and attachments. Make sure you report spam and phishing messages as they will make Google spam detection that much better.
Conclusion:
We have learned how to trace emails to the source. We have also learned how to identify phishing emails and prevent hackers from gaining sensitive information about us.
Use fake emails where your real email address is not required.
This is one of the methods hackers use to hack your accounts by sending fake emails claiming to be the bank or service you regularly use. This is just one of the ways to detect phishing. Soon I will write a dedicated article on detecting phishing attacks. Keep supporting the hacking world till then.
Also read: How to secure and recover your Gmail account?
Commonly asked questions
Q1. Is this tool foolproof?
There is no such 100% guarantee. Instead, my recommendation is to use two or more tools. If both the tools show that the email cannot be trusted then report it as spam and block the sender.
Q2. Can I only use the email address without header information for tracing emails?
Yes, but it will be inaccurate and frankly useless in my frank opinion. Try to get the header information or simply ignore the mail. Check your main account instead. Never trust emails unless they are properly verified.
Q3. Are these email tracking and tracing tools and websites legal to use?
Yes, they are legal. Since you have the right to know where the message you received came from. Some country laws might not agree with me. So I suggest checking your country’s laws just in case.
Q4. I use antivirus. Do I still need to be worried about emails?
Antivirus generally does not check phishing emails and phishing pages. Even if they do, their ability is fairly limited since hackers keep making new and convincing phishing pages. For this reason, trust only yourself. To install a good antivirus but also keep good vigilance while clicking on emails and attachments.
Hopefully, you guys liked the article do share the articles as much as you can. You can always make custom requests on the custom requests page. Tracing Email can be done in many other different ways.
Do share this article with your loved ones. Happy hacking.
