Downloading suspicious emails for further inspection

Several email phishing type tickets have an additional action enabling you to download the suspicious email (in .eml format). This allows you to directly examine potentially malicious emails before taking any further action. This download action applies to both open and closed tickets.

A .eml file is an email message saved by an email application, such as Microsoft Outlook or Apple Mail. It contains the content of the message, along with the subject, sender, recipient(s), and date of the message. .eml files may also store one or more email attachments, which are files sent with the message.

You can open .eml files with:

• Email programs, such as Microsoft Outlook, Apple Mail, and Mozilla Thunderbird.

• Web browsers, including Google Chrome, Microsoft Edge, and Internet Explorer.

• Plain text editor, such as Microsoft Notepad, and Apple TextEdit.

• Word processors such as Microsoft Word.

Downloading suspicious emails in .eml format

To download a potentially malicious email in .eml format:

1. Sign in to the Coro console

2. Select Tickets from the sidebar:

   

   Coro displays the Ticket Log page:

   

3. From the Type filter, select any one of the Email Security ticket types pertaining to phishing detectors:

   

   For a complete list of ticket types and outcomes, see Email Security ticket types.

4. Select an individual ticket, then select ACTIONS:

   

5. Select Download EML File:

   

   Coro displays a confirmation dialog warning of the risks:

   

6. Select CONFIRM to download the .eml file to your local workstation.

   Coro displays a confirmation message:

   

7. After the .eml file is downloaded, locate and open in order to view the contents of the email.