3

My company is doing an anti-phishing campaign and sent out a "fake" email to see how many people would open the attachment. They had previously sent out information about how to avoid these kind of attacks.

So of course I recognized the email as part of the campaign, but my curiosity got the best of me and I was dying to see the code (it was an .html attachment). My question is: will they know if I saved the attachment to my desktop and then opened it with Notepad? I guess a secondary question would be is that safe to do in the first place?

I can attach the HTML code if anyone is curious, redacting the company specific information of course, but I'm not sure if that's necessary. Thanks in advance!

SDsolar
  • 977
  • 1
  • 6
  • 25
glassy
  • 131
  • 1
  • If you save it from email then - no. if you open the attachment and it opens inside the browser then they might. They can not tell if the email was opened in first place unless it was sent with confirmation of receipt – StuckBetweenTrees May 09 '17 at 16:43
  • 2
    It depends. For example if you are using a company controlled Webmail client the can look in the log files and see that the documented was downloaded. If you are using a client like Thunderbird they will probably not see this. – Steffen Ullrich May 09 '17 at 16:52
  • We (just) use Outlook. I'm assuming they can see that I opened the email but not that I saved the actual attachment, which is what I'm trying to confirm. – glassy May 09 '17 at 16:58
  • Even then they have some file monitoring in place on your local system which logs storing a new file from the Outlook application. If they have such a monitoring and look at it I don't know. Thus it is probably possible in theory but if it is possible in your specific case is unknown. – Steffen Ullrich May 09 '17 at 18:02

2 Answers2

2

It depends on your e-mail client, its configuration, and the protocol it uses to communicate with the server. For example, in the case of IMAP, in Outlook 2007 attachments weren't downloaded by default, but from Outlook 2010 and onwards, they are.

Although I seriously doubt your company's e-mail server keeps track of downloaded attachments in the first place, if you don't know whether attachments are automatically downloaded together with the e-mail, you could try disconnecting your computer from the network and then opening an attachment you haven't opened before. If it opens without trouble, then you know that attachments are fetched together with the e-mail and that your company won't know you downloaded the HTML file (unless they decide to inspect your computer).

user2428118
  • 2,768
  • 16
  • 23
1

"will they know if I saved the attachment to my desktop and then opened it with Notepad?"

This can be broke down into 3 sub questions.

  1. Could they know? - Yes, they could find out a variety of ways. For example, they could search domain computers c$ share for the file, search users home directories, etc.
  2. Do they know? - no clue
  3. Is it likely they know? - Probably not. I would bet that the detection relies on opening the html file in a browser.

"is that safe to do in the first place?"

Opening files in notepad is generally considered safe. However, you are increasing your risk of accidentally opening the file which could compromise your system.

Mike Wallace
  • 11
  • 1