Why do companies ask you to forward phishing emails to them as an attachment?



When you get a phishing email, sometimes a company will have a specific division that deals with that concern. So they’ll ask you to forward any emails of that nature to a specific email address.

But sometimes they ask you to do so as an attachment. Why?

In: Technology

Because if there’s any malicious code in the e-mail itself, having it separate as an attachment helps mitigate that. The IT department can open it on their own terms as opposed to opening your forwarded email that could then infect their systems.

This also retains the message exactly as it came in, since forwarding it normally could lose a lot of metadata especially if they want to inspect it closely.

My organization uses it to train the filters that block further phishing emails. It’s kind of like you sending an email to junk, but on a corporate level.