CN117768168A - Method for tracking opening of e-mail Word - Google Patents
Method for tracking opening of e-mail Word Download PDFInfo
- Publication number
- CN117768168A CN117768168A CN202311724583.8A CN202311724583A CN117768168A CN 117768168 A CN117768168 A CN 117768168A CN 202311724583 A CN202311724583 A CN 202311724583A CN 117768168 A CN117768168 A CN 117768168A
- Authority
- CN
- China
- Prior art keywords
- file
- tracking
- attachment
- word
- docx
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 27
- 230000000694 effects Effects 0.000 claims abstract description 30
- 238000005553 drilling Methods 0.000 claims description 4
- 241000700605 Viruses Species 0.000 description 4
- 230000001939 inductive effect Effects 0.000 description 2
- 230000004075 alteration Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 231100000572 poisoning Toxicity 0.000 description 1
- 230000000607 poisoning effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Landscapes
- Information Transfer Between Computers (AREA)
Abstract
The invention relates to the technical field of information security, and discloses a method for tracking the opening of an email Word, which comprises the following steps: step one, decompressing a base.docx file; step two, decompressing an attachment file attachment.docx file required by the exercise activity; copying the content of the attribute directory to the base directory; and fourthly, constructing a specific recipient tracking link url. By modifying the remote template address of the docx file, the accessory file containing the tracking link is still stored into the docx format, the Word document in the docx format is in a normal document format and does not contain macro codes, and the Mi cross Word software does not pop up a reminder about enabling macro when opening the document, so that the continuity operation of opening the file by a participant is not interrupted, the opened event of the file can be normally tracked, the opened event of the E-mail Word accessory of the fishing exercise can be tracked by using the method, and the recognition capability and the safety awareness of the participant on the fishing mail with the accessory can be comprehensively known.
Description
Technical Field
The invention relates to the technical field of information security, in particular to a method for tracking the opening of an email Word.
Background
Phishing mail refers to the act of an attacker masquerading as a person or organization you know through email, inducing you to access phishing links in the mail, entering personal sensitive information, or inducing you to download malware (often masquerading as an office file), poisoning a computer. The phishing mail exercise platform may create a phishing exercise activity, send simulated phishing mails to the active participants, and then track whether the participants open the mail, click on fake phishing links in the mail, to learn the participant's recognition ability and security awareness for phishing mails. One type of phishing mail is to disguise a virus file as a Word file and send it as an attachment to a recipient, induce the recipient to open the Word file (virus file), and if the recipient's computer has no safeguards, the computer may possibly be in charge of the virus. If a fishing practice activity wants to simulate such fishing mail, the simulated fishing mail sent to the participant must contain Word files as attachments. The method of tracking how a Word file is opened generally requires that the Word file enables a macro, edits macro code (the code may include an operation requesting a target server), and saves the Word file as a macro-enabled Word document (docm). When the file is opened and the macro is enabled, the macro code automatically requests the target server, and the server can track the file opened event.
When a macro-enabled Word document is opened, microsoft Word software pops up a reminder that must be allowed to enable the macro to continue opening the file. When a participant actually opens a scene of a file, macro is not started after popup reminding, so that an event that the file is opened cannot be tracked; the Word document suffix of the enabled macro is docm instead of docx, and when the Word document suffix is used as a mail attachment, the authenticity of the phishing mail is affected; when the Word document of the macro is used as a mail attachment, the Word document is usually isolated or intercepted by a mail gateway, so that a participant cannot receive the e-mail, and the coverage of the exercise activity is affected. Because the macro code that tracks Word document opening can actually be considered a section of macro virus, the mail gateway will isolate or intercept this type of mail.
Disclosure of Invention
Aiming at the defects of the prior art, the invention provides a method for tracking the opening of the E-mail Word, which solves the problem of tracking the opened event of the E-mail Word attachment on the premise of not using macros, thereby improving the authenticity of the phishing mail containing the Word attachment, ensuring the touch rate and the exercise activity coverage of the phishing mail, and comprehensively knowing the identification capability and the safety awareness of participants on the phishing mail.
In order to achieve the above purpose, the invention is realized by the following technical scheme: a method of tracking email Word opening, comprising the steps of:
step one, decompressing a base.docx file;
step two, decompressing an attachment file attachment.docx file required by the exercise activity;
copying the content of the attribute directory to the base directory;
step four, constructing a specific recipient tracking link url;
fifthly, modifying word/_rels/settings.xml.rels files under the base directory;
step six, compressing the base directory to generate an attachment file xxx_attachment.
Step seven, adding the xxx_attribute.docx to the mail attachment and sending;
step eight, the receiver receives the E-mail and opens the attachment file xxx_attachment
Step nine, microsoft Word software requests the recipient to track the link url.
Preferably, in the first step, the base. Docx file is uploaded to an application server when an application program is deployed, the file must be created through Microsoft Word software, and the creation is performed through an online template, any online template can be selected, and the text content of the file is completely deleted and stored as the base. Docx file, wherein the docx file is a default file format in Microsoft Word, and is actually a compressed file, and a plurality of XML files and media files are contained in the compressed file and can be decompressed.
Preferably, in the third step, all contents under the attribute directory and under the word directory except the settingxml file are copied to the word directory under the base directory.
Preferably, in the fourth step, the exercise activity usually has multiple participants, i.e. recipients, and the activity needs to track the event record of each recipient, so that a corresponding tracking link needs to be constructed for each recipient, and the link contains unique information of the recipient, so as to distinguish other recipients, for example: https:// server.com/api/track/932d80c6-1c1f-11ee-a4d2-3a887c7000c9/? type=openfile, uuid in the link is unique, the recipient ID is associated, the application server requests the link, and the application server can record that the recipient opens the attachment file, so as to realize the tracking effect.
Preferably, in the fifth step, the decompressed directory of the docx file includes a plurality of subdirectories and files, the word/_rels/settings. Xml. Rels file includes template information of the docx file, and when the base. Docx file is created in the first step, the base. Docx file is created from an online template, and the information of the online template is stored in the file, where the file is an xml file, and the content is generally as follows:
<?xml version="1.0"encoding="UTF-8"standalone="yes"?>
<Relationships
xmlns="http://schemas.openxmlformats.org/package/2006/relationships">
<Relationship Id="rId1"Target="https://xxx/xx.docx"TargetMode="External"/>
</Relationships>
the Target attribute value of the Relationship tag is the link of the online template, and the link is replaced by the tracking link url constructed in S4.
Preferably, in the sixth step, the docx file may be decompressed into a directory, the directory may be compressed, a docx file may be generated reversely, and the base directory after processing may be compressed to generate an exclusive attachment file xxx_attachment.
Preferably, in step nine, the Microsoft Word software accesses the link of the online template to obtain the online template, and the operation actually requests the tracking link url of the recipient. And the application server receives the request and can record that the receiver opens the attachment file, so as to realize the tracking effect.
Preferably, the method for opening the tracking email Word attachment further comprises an M1 drilling activity starting module, an M2Word file processing module, an M3 email sending module and an M4 tracking request processing module.
Preferably, the M1 exercise activity starting module is responsible for obtaining mail template information, if the current active mail template includes an attachment, the M2Word file processing module is invoked to set an attachment file for each recipient to obtain recipient information, a specific tracking link url is constructed for the recipient, after the attachment file processing is completed, the M3 mail sending module is invoked to send an email to the recipient, and the M2Word file processing module is responsible for decompressing the file, such as processing the decompressed catalogue in the flowcharts S1 and S2, and setting the tracking link.
Preferably, the M3 mail sending module is responsible for sending an email with an attachment to a recipient according to a recipient address, and the M4 trace request processing module responds to a request when the recipient opens a file, that is, microsoft Word software requests the recipient to trace a url, where the specific content includes: and analyzing the request head, acquiring user-agent information, analyzing the request address, acquiring a real source IP, finding a corresponding receiver according to the uuid, and storing the event information of opening the attachment of the receiver in the exercise activity.
Working principle: by modifying the remote template address of the docx file, the attachment file containing the tracking link is still stored into the docx format, the Word file in the docx format is in a normal file format, a macro code is not contained, and a reminder about enabling macro is not popped up when Microsoft Word software opens the file, so that the continuity operation of opening the file by a participant is not interrupted, a file opened event can be normally tracked, the Word file in the docx format is in the normal file format, the authenticity of a fishing mail can be improved when the Word file in the docx format is used as a mail attachment, the Word file in the docx format is in the normal file format, the macro code is not contained, the mail gateway does not isolate or intercept the mail attachment when the Word file is used as a mail attachment, the touch rate and the exercise activity coverage of the fishing mail are ensured, and the opened event of the electronic mail attachment for fishing exercise is tracked by using the method, so that the recognition capability and the safety consciousness of the participant on the fishing mail with the attachment can be comprehensively known.
The invention provides a method for tracking the opening of an email Word. The beneficial effects are as follows:
1. according to the invention, the Word document in the docx format is in the normal document format, and does not contain macro codes, so that the Microsoft Word software does not pop up a reminder about starting macro when opening the document, and therefore, the continuity operation of opening the file by a participant is not interrupted, and the opened event of the file can be tracked normally.
2. According to the invention, the Word document in the docx format is in the normal document format, and the authenticity of the phishing mail can be improved when the Word document is used as a mail attachment.
3. According to the invention, the Word document in docx format is in normal document format, and does not contain macro codes, so that when the Word document is used as an email attachment, the email gateway can not isolate or intercept the email attachment, thereby ensuring the touch rate and exercise activity coverage of the email, and the method is used for tracking the opened event of the email attachment for fishing exercise, so that the recognition capability and safety awareness of participants on the email with the attachment can be comprehensively known.
Drawings
FIG. 1 is a flow chart of a method of tracking the opening of an email Word attachment;
FIG. 2 is a block diagram of a method of tracking the opening of an email Word attachment.
Detailed Description
The technical solutions of the embodiments of the present invention will be clearly and completely described below in conjunction with the embodiments of the present invention, and it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Examples:
referring to fig. 1-2, an embodiment of the present invention provides a method for tracking email Word opening, including the following steps:
step one, decompressing a base.docx file;
step two, decompressing an attachment file attachment.docx file required by the exercise activity;
copying the content of the attribute directory to the base directory;
step four, constructing a specific recipient tracking link url;
fifthly, modifying word/_rels/settings.xml.rels files under the base directory;
step six, compressing the base directory to generate an attachment file xxx_attachment.
Step seven, adding the xxx_attribute.docx to the mail attachment and sending;
step eight, the receiver receives the E-mail and opens the attachment file xxx_attachment
Step nine, microsoft Word software requests the recipient to track the link url.
In the first step, the base. Docx file is uploaded to an application server when an application program is deployed, the file must be created through Microsoft Word software, and the file is created through an online template, any online template can be selected when the file is created, the text content of the file can be completely deleted and stored as the base. Docx file, the docx file is a default file format in Microsoft Word, and the file is actually a compressed file, and a plurality of XML files and media files are contained in the file and can be decompressed.
In the third step, all contents except the settingxml files under the attribute directory and under the word directory are copied to the word directory under the base directory.
In step four, the exercise usually has multiple participants, i.e. recipients, and the event records of each recipient need to be tracked, so that a corresponding tracking link needs to be constructed for each recipient, and the links contain unique information of the recipient, so as to distinguish other recipients, for example: https:// server.com/api/track/932d80c6-1c1f-11ee-a4d2-3a887c7000c9/? type=openfile, uuid in the link is unique, the recipient ID is associated, the application server requests the link, and the application server can record that the recipient opens the attachment file, so as to realize the tracking effect.
In the fifth step, the decompressed directory of the docx file includes a plurality of subdirectories and files, the word/_rels/settings.xml.rels file includes template information of the docx file, in the first step, the base.docx file is created from an online template, the information of the online template is stored in the file, and the file is an xml file, and the contents are generally as follows:
<?xml version="1.0"encoding="UTF-8"standalone="yes"?>
<Relationships
xmlns="http://schemas.openxmlformats.org/package/2006/relationships">
<Relationship Id="rId1"Target="https://xxx/xx.docx"TargetMode="External"/>
</Relationships>
the Target attribute value of the Relationship tag is the link of the online template, and the link is replaced by the tracking link url constructed in S4.
In step six, the docx file may be decompressed into a directory, the directory may be compressed to generate a docx file in a reverse direction, and the base directory after processing is compressed to generate an attachment file xxx_attachment.
In step nine, microsoft Word software accesses the links of the online template to obtain the online template, which in effect requests the tracking links url of the recipient. And the application server receives the request and can record that the receiver opens the attachment file, so as to realize the tracking effect.
The method for tracking the opened E-mail Word attachments further comprises an M1 drilling activity starting module, an M2Word file processing module, an M3 mail sending module and an M4 tracking request processing module.
The M1 drilling activity starting module is responsible for acquiring mail template information, if the current activity mail template contains an attachment, the M2Word file processing module is called, an attachment file is set for each receiver to acquire receiver information, a specific tracking link url is constructed for the receiver, the M3 mail sending module is called to send an E-mail to the receiver after the attachment file processing is finished, the M2Word file processing module is responsible for decompressing the file, the decompressed catalogue is processed according to the flowcharts S1 and S2, and the tracking link is set.
The M3 mail sending module is responsible for sending an email with an attachment to a receiver according to a receiver address, and the M4 tracking request processing module responds to a request when the receiver opens a file, namely, microsoft Word software requests the receiver tracking link url, wherein the specific contents comprise: and analyzing the request head, acquiring user-agent information, analyzing the request address, acquiring a real source IP, finding a corresponding receiver according to the uuid, and storing the event information of opening the attachment of the receiver in the exercise activity.
Although embodiments of the present invention have been shown and described, it will be understood by those skilled in the art that various changes, modifications, substitutions and alterations can be made therein without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.
Claims (10)
1. A method for tracking email Word opening, comprising the steps of:
step one, decompressing a base.docx file;
step two, decompressing an attachment file attachment.docx file required by the exercise activity;
copying the content of the attribute directory to the base directory;
step four, constructing a specific recipient tracking link url;
fifthly, modifying word/_rels/settings.xml.rels files under the base directory;
step six, compressing the base directory to generate an attachment file xxx_attachment.
Step seven, adding the xxx_attribute.docx to the mail attachment and sending;
step eight, the receiver receives the E-mail and opens the attachment file xxx_attachment
Step nine, microsoft Word software requests the recipient to track the link url.
2. The method for tracking email Word opening of claim 1, wherein: in the first step, the base. Docx file is uploaded to an application server when an application program is deployed, the file must be created through Microsoft Word software, and the file is created through an online template, any online template can be selected when the file is created, the text content of the file can be completely deleted, and the file is stored as the base. Docx file, wherein the docx file is a default file format in Microsoft Word, and is actually a compressed file, and a plurality of XML files and media files are contained in the compressed file and can be decompressed.
3. The method for tracking email Word opening of claim 1, wherein: and step three, copying all contents except the settingxml files under the attribute directory and under the word directory to the word directory under the base directory.
4. The method for tracking email Word opening of claim 1, wherein: in step four, the exercise usually has multiple participants, i.e. recipients, and the event record of each recipient needs to be tracked, so that a corresponding tracking link needs to be constructed for each recipient, and the links include unique information of the recipient, so as to distinguish other recipients, for example: https:// server.com/api/track/932d80c6-1c1f-11ee-a4d2-3a887c7000c9/? type=openfile, uuid in the link is unique, the recipient ID is associated, the application server requests the link, and the application server can record that the recipient opens the attachment file, so as to realize the tracking effect.
5. The method for tracking email Word opening of claim 1, wherein: in the fifth step, the decompressed directory of the docx file includes a plurality of subdirectories and files, the word/_rels/settings.xml.rels file includes template information of the docx file, in the first step, the base.docx file is created from an online template, the information of the online template is stored in the file, the file is an xml file, and the content is generally as follows:
<?xml version="1.0"encoding="UTF-8"standalone="yes"?>
<Relationshipsxmlns="http://schemas.openxmlformats.org/package/2006/relationship s">
<Relationship Id="rId1"Target="https://xxx/xx.docx"TargetMode="External"/>
</Relationships>
the Target attribute value of the Relationship tag is the link of the online template, and the link is replaced by the tracking link url constructed in S4.
6. The method for tracking email Word opening of claim 1, wherein: in the sixth step, the docx file may be decompressed into a directory, the directory may be compressed to generate a docx file in a reverse direction, and the base directory after processing is compressed to generate an attachment file xxx_attachment.
7. The method for tracking email Word opening of claim 1, wherein: in step nine, the Microsoft Word software accesses the links of the online template to obtain the online template, and the operation actually requests the tracking links url of the recipient. And the application server receives the request and can record that the receiver opens the attachment file, so as to realize the tracking effect.
8. The method for tracking email Word opening of claim 1, wherein: the method for tracking the opened E-mail Word attachments further comprises an M1 drilling activity starting module, an M2Word file processing module, an M3 mail sending module and an M4 tracking request processing module.
9. The method for tracking email Word opening of claim 8, wherein: the M1 exercise activity starting module is responsible for acquiring mail template information, if the current activity mail template comprises an attachment, the M2Word file processing module is called, the attachment file is set for each receiver to acquire receiver information, a specific tracking link url is constructed for the receiver, the M3 mail sending module is called to send an E-mail to the receiver after the attachment file processing is finished, the M2Word file processing module is responsible for decompressing files, such as the decompressed catalogues are processed in the flowcharts S1 and S2, and the tracking link is set.
10. The method for tracking email Word opening of claim 8, wherein: the M3 mail sending module is responsible for sending an email with an attachment to a receiver according to a receiver address, and the M4 tracking request processing module responds to a request when the receiver opens a file, namely, microsoft Word software requests the receiver tracking link url, wherein the specific contents comprise: and analyzing the request head, acquiring user-agent information, analyzing the request address, acquiring a real source IP, finding a corresponding receiver according to the uuid, and storing the event information of opening the attachment of the receiver in the exercise activity.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311724583.8A CN117768168A (en) | 2023-12-14 | 2023-12-14 | Method for tracking opening of e-mail Word |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311724583.8A CN117768168A (en) | 2023-12-14 | 2023-12-14 | Method for tracking opening of e-mail Word |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117768168A true CN117768168A (en) | 2024-03-26 |
Family
ID=90315433
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311724583.8A Pending CN117768168A (en) | 2023-12-14 | 2023-12-14 | Method for tracking opening of e-mail Word |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117768168A (en) |
-
2023
- 2023-12-14 CN CN202311724583.8A patent/CN117768168A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10805347B2 (en) | Systems and methods of detecting email-based attacks through machine learning | |
| US7650387B2 (en) | Method and system for managing storage on a shared storage space | |
| US8914856B1 (en) | Synchronization of networked storage systems and third party systems | |
| CN101243464B (en) | Enhanced e-mail folder security | |
| US8078880B2 (en) | Portable personal identity information | |
| US8819819B1 (en) | Method and system for automatically obtaining webpage content in the presence of javascript | |
| US8090782B2 (en) | Electronic messaging system and method | |
| US20070266095A1 (en) | Seamless electronic mail capture with user awareness and consent | |
| US10425422B1 (en) | Message content modification devices and methods | |
| US7917655B1 (en) | Method and system for employing phone number analysis to detect and prevent spam and e-mail scams | |
| US8346878B2 (en) | Flagging resource pointers depending on user environment | |
| US20150365359A1 (en) | Html5-based message protocol | |
| US20120005291A1 (en) | System for Applying a Variety of Policies and Actions to Electronic Messages Before They Leave the Control of the Message Originator | |
| US20210185089A1 (en) | System and method for securing documents prior to transmission | |
| US20090300127A1 (en) | E-mail forwarding method and system | |
| US20220188402A1 (en) | Real-Time Detection and Blocking of Counterfeit Websites | |
| CN101243442A (en) | Annotating shared contacts with public descriptors | |
| JP2005202972A (en) | Method and system for mobile device messaging | |
| US7917593B1 (en) | Method and system for employing automatic reply systems to detect e-mail scammer IP addresses | |
| US20110264751A1 (en) | System and method for a video emailing service | |
| US10110623B2 (en) | Delaying phishing communication | |
| US9537946B2 (en) | System and method for creating and sharing user-generated information | |
| CN111159100A (en) | Block chain file access method and device, computer equipment and storage medium | |
| US20090172018A1 (en) | Electronic document management method | |
| US10277542B2 (en) | Embedding actionable content in electronic communication |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |