We have had several phishing campaigns that have UTF-8 sections of the email subject or email address. For example I have a message with the subject that comes in as "=?UTF-8?Q?Data_is_pointing_toward=E2=80=A6?=" and the meta key is displayed as subject = 'Data is pointing toward…' If I just search for "Data is pointing" the message is not found, obviously. But I don't know how to see or search for the text that seems encoded.
I'm struggling to figure out how to work with this. I want to analyze how common it is to see these types of messages and eventually create meta that indicates messages as higher risk. Has anyone else dealt with this type of issue?
Regards,
/Dion
Dion Stempfley
Cybersecurity Analyst
Institute for Defense Analyses
