Phishing 101: Spot, Analyze, and Prevent
A friendly, practical guide to recognizing phishing attempts and reducing risk across the organization.
What Is Phishing?
Phishing is a type of cyberattack where scammers impersonate trusted organizations to trick people into revealing sensitive information—like passwords, credit card numbers, or business credentials. Through fake messages, attackers typically aim to steal money or credentials, or to get the recipient to install malware.
For example, you might receive an email pretending to be from your bank asking you to “verify your account now” using an attached link or form.
Notice the urgent tone, spelling issues, and mismatched sender.
Common Tactics with Examples
Attackers rely on social engineering—psychological tricks—to get users to act quickly:
- Impersonation: Pretending to be from a bank, HR, or delivery service.
- Urgency and fear: Threats like “account closure” or “payroll on hold.”
- Fake pages & attachments: Redirecting to login pages or malicious files.
Example of a real vs. a suspicious link:
- Legit: https://bank.com
- Suspicious (do not click): http://secure-bank-login.com
The URL looks similar but is not the official domain.
How to Spot Phishing (Warning Signs)
- Check the sender: Compare the display name and actual email address.
- Preview links: Hover over to view where it really goes.
- Watch the language: Urgent demands, poor grammar, or strange tone.
- Look for tech clues: Use of HTTP instead of HTTPS, odd spellings, or lookalike letters in domains.
Tip: If anything feels off, verify through a trusted channel. Never reply or click first.
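The warning signs above can be turned into simple automated checks. The script below is an added example (it is not part of the original guide): it compares the display name with the real sender domain, inspects each link for plain HTTP, lookalike characters and unknown domains, and looks for urgency phrases. The allowlist, the team names and the urgency phrases are constructed for illustration; a real deployment would use the organization's own domain inventory and a public-suffix list instead of the crude "last two labels" domain helper.

```python
"""Heuristic red-flag checks for an email's sender, links and wording.

Added example, not part of the original guide. The allowlist, the team names and
the urgency phrases below are constructed for illustration.
"""
import re
from email.utils import parseaddr
from urllib.parse import urlparse

KNOWN_GOOD_DOMAINS = {"company.com", "bank.com"}                       # constructed allowlist
INTERNAL_NAMES = ("it support", "helpdesk", "hr", "payroll", "bank")    # constructed
URGENCY_PATTERNS = [re.compile(p, re.IGNORECASE) for p in (
    r"\burgent", r"\bimmediately\b", r"\b(?:within|in) \d+ hours?\b",
    r"account closure", r"payroll on hold", r"verify your account", r"suspend",
)]
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def registrable_domain(host: str) -> str:
    """Crude 'last two labels' domain (enough here; use a public-suffix list in practice)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def has_lookalike_chars(host: str) -> bool:
    """Flag non-ASCII hosts (possible homoglyphs such as Cyrillic letters) and a 0 or 1
    wedged against letters (the classic o/l substitution, e.g. paypa1)."""
    return (not host.isascii()) or re.search(r"[a-z][01]|[01][a-z]", host.lower()) is not None


def check_message(from_header: str, body: str) -> list[str]:
    """Return human-readable red flags, each prefixed with its category."""
    flags = []

    # 1. Sender: compare the display name with the real address domain.
    name, addr = parseaddr(from_header)
    sender_domain = registrable_domain(addr.rpartition("@")[2])
    if sender_domain not in KNOWN_GOOD_DOMAINS:
        flags.append(f"sender: domain {sender_domain!r} is not a known organization domain")
        words = " ".join(re.findall(r"[a-z]+", name.lower()))
        if any(re.search(rf"\b{re.escape(k)}\b", words) for k in INTERNAL_NAMES):
            flags.append(f"sender: display name {name!r} claims a trusted team but address is {addr}")

    # 2. Links: scheme, lookalike characters, and whether the domain is known.
    for url in URL_RE.findall(body):
        parsed = urlparse(url)
        host = parsed.hostname or ""
        if parsed.scheme.lower() == "http":
            flags.append(f"link: {url} uses plain HTTP")
        if has_lookalike_chars(host):
            flags.append(f"lookalike: host {host!r} contains non-ASCII or digit-for-letter characters")
        if registrable_domain(host) not in KNOWN_GOOD_DOMAINS:
            flags.append(f"link: {url} points to unknown domain {registrable_domain(host)!r}")

    # 3. Language: manufactured urgency.
    for pat in URGENCY_PATTERNS:
        m = pat.search(body)
        if m:
            flags.append(f"language: urgency cue {m.group(0)!r}")
    return flags


if __name__ == "__main__":
    # Constructed message mirroring the guide's quiz items.
    for flag in check_message('"IT Support" <it.support@company-security.com>',
                              "Payroll update required in 2 hours: http://hr-portal-pay.com/login"):
        print(flag)
```

Run against the quiz message, the checks report the unknown sender domain, the mismatched "IT Support" display name, the HTTP link to an unknown domain, and the "in 2 hours" urgency cue; a routine internal message with an HTTPS link to the organization's own domain produces no flags.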
Spot the Phish: Mini-Quiz
Q1: An email says “Payroll update required in 2 hours” and links to http://hr-portal-pay.com.
What’s the red flag?
Answer: B — The domain isn’t a known company domain and uses HTTP.
Q2: The sender shows “IT Support” but the address is it.support@company-security.com.
What’s suspicious?
Answer: B — The sender domain doesn’t match the organization.
Find the Red Flags (Image Task)
Using the sample email screenshot, list the issues:
- Mismatched sender domain.
- Urgent, threatening language.
- Link points to lookalike domain.
If Someone Clicked or Submitted Info
- Disconnect from Wi‑Fi or the corporate network if malware is suspected.
- Change your password from a clean device—avoid reusing old ones.
- Report the email to the IT/Security team (attach the original if possible).
- Enable MFA and check recent sign-ins or account rules.
- Monitor for unusual financial activity or forwarding rules.
Organizational Defenses
- Run short, regular security awareness training.
- Conduct phishing simulations to reinforce learning.
- Use email security tools for spam filtering, sandboxing, and link inspection.
- Implement SPF, DKIM, and DMARC so receivers can verify your domains:
  - SPF lets a domain publish which mail servers are approved to send on its behalf.
  - DKIM adds a digital signature so receivers can verify the message was not altered and was authorized by the signing domain.
  - DMARC tells receivers how to handle messages that fail the SPF and DKIM checks.
- Encourage use of password managers, which will not autofill credentials on a lookalike domain.
- Set up a dedicated ‘Report Phish’ button or mailbox for quick reporting.
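To make the SPF and DMARC bullets concrete, here is an added example (not from the guide) that parses the two record formats and evaluates them the way a receiving server would. The TXT records and the in-memory "DNS" table are constructed (hypothetical domains, documentation address ranges), and SPF terms that need further DNS lookups (a, mx, exists, ptr) are left out so it runs offline. DKIM verification needs the selector's public key and a signature check, which is not shown here.

```python
"""Parse SPF and DMARC DNS records and evaluate them as a receiver would.

Added example, not from the guide; the records below are constructed stand-ins
for real DNS lookups (hypothetical domains, documentation address ranges).
"""
import ipaddress

# Constructed TXT records standing in for real DNS lookups.
FAKE_DNS_TXT = {
    "company.com": "v=spf1 ip4:192.0.2.0/24 include:_spf.mailprovider.example -all",
    "_spf.mailprovider.example": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 ~all",
    "_dmarc.company.com": "v=DMARC1; p=reject; rua=mailto:dmarc@company.com; aspf=s; adkim=r",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf(record: str) -> list[tuple[str, str, str]]:
    """Return (result-if-matched, mechanism, argument) for each SPF term."""
    parts = record.split()
    if not parts or parts[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    terms = []
    for term in parts[1:]:
        if "=" in term:                    # modifiers (redirect=, exp=) are not handled here
            continue
        qual = "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        terms.append((QUALIFIERS[qual], mech.lower(), arg))
    return terms


def spf_check(domain: str, ip: str, depth: int = 0) -> str:
    """SPF result for a connecting IP: pass, fail, softfail, neutral, none or permerror."""
    if depth > 10:                         # RFC 7208 limits lookups; stop runaway include chains
        return "permerror"
    record = FAKE_DNS_TXT.get(domain.lower())
    if record is None:
        return "none"
    addr = ipaddress.ip_address(ip)
    for result, mech, arg in parse_spf(record):
        if mech in ("ip4", "ip6") and addr in ipaddress.ip_network(arg, strict=False):
            return result
        if mech == "include" and spf_check(arg, ip, depth + 1) == "pass":
            return result
        if mech == "all":
            return result
        # a, mx, exists and ptr need further DNS lookups; omitted in this offline example
    return "neutral"                       # no term matched and no "all" present


def parse_dmarc(record: str) -> dict[str, str]:
    """Split 'tag=value; tag=value' into a dict and confirm it is a DMARC record."""
    tags = {}
    for item in record.split(";"):
        key, _, value = item.strip().partition("=")
        if key:
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags


def organizational_domain(domain: str) -> str:
    """Crude 'last two labels' approximation of the organizational domain."""
    return ".".join(domain.lower().split(".")[-2:])


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """DMARC alignment: strict (s) needs an exact match, relaxed (r) the same organizational domain."""
    if mode.lower() == "s":
        return auth_domain.lower() == from_domain.lower()
    return organizational_domain(auth_domain) == organizational_domain(from_domain)


def dmarc_evaluate(from_domain: str, spf_result: str, mailfrom_domain: str,
                   dkim_result: str, dkim_domain: str) -> str:
    """Return 'pass' when SPF or DKIM passed *and* aligned with the From domain,
    otherwise the domain's published policy (none, quarantine or reject)."""
    record = FAKE_DNS_TXT.get("_dmarc." + from_domain.lower())
    if record is None:
        return "none"                      # no DMARC record: receiver applies no policy
    tags = parse_dmarc(record)
    spf_ok = spf_result == "pass" and aligned(mailfrom_domain, from_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, from_domain, tags.get("adkim", "r"))
    return "pass" if (spf_ok or dkim_ok) else tags.get("p", "none")


if __name__ == "__main__":
    print("SPF for 203.0.113.9:", spf_check("company.com", "203.0.113.9"))
    print("DMARC for a spoofed From:", dmarc_evaluate("company.com", "fail", "hr-portal-pay.com", "none", ""))
```

Two details worth noticing: the "-all" at the end of the SPF record is what turns "not listed" into a hard fail, and with aspf=s a message sent from mail.company.com with an SPF pass still fails DMARC alignment, which is exactly what the strict setting is for.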
Simple Analysis Workflow (For Analysts)
- Collect headers, URLs, and attachments safely.
- Expand URLs and check reputation (in a sandboxed environment).
- Review SPF/DKIM/DMARC results and sender infrastructure.
- If attachments exist, hash and check against threat intel.
- Detonate suspicious files safely in an isolated sandbox.
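The collection and review steps above can be scripted for the common case of a raw .eml file. The following is an added example and not the guide's own tooling: it parses the message, reads the SPF/DKIM/DMARC verdicts from the receiver's Authentication-Results header, pulls the relay IPs from the Received headers, lists URLs from the body without fetching them, and hashes attachments without opening them. The sample message is constructed (a TEST-NET address and hypothetical domains), and the known-bad hash set is a stand-in for a real threat-intel lookup. Detonation is deliberately not part of it; that belongs in an isolated sandbox.

```python
"""Triage a raw email: authentication results, relay IPs, URLs and attachment hashes.

Added example, not the guide's own tooling. The message below is constructed
(TEST-NET address, hypothetical domains) and KNOWN_BAD_SHA256 stands in for a
threat-intel feed.
"""
import email
import hashlib
import re
from email import policy

# Constructed sample message; nothing here is a real sender, host or indicator.
SAMPLE_EML = b"""From: "Payroll" <payroll@hr-portal-pay.com>
To: alice@company.com
Subject: Payroll update required in 2 hours
Date: Mon, 01 Jan 2024 09:00:00 +0000
Received: from mail.example.net (unknown [192.0.2.10]) by mx.company.com with ESMTP
Authentication-Results: mx.company.com; spf=fail smtp.mailfrom=hr-portal-pay.com; dkim=none; dmarc=fail (p=none) header.from=hr-portal-pay.com
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Please confirm your details at http://hr-portal-pay.com/login within 2 hours.
--b1
Content-Type: application/octet-stream; name="payroll.xlsm"
Content-Disposition: attachment; filename="payroll.xlsm"
Content-Transfer-Encoding: base64

aGVsbG8=
--b1--
"""

# Constructed stand-in for a threat-intel feed (this is the sha256 of the bytes "hello").
KNOWN_BAD_SHA256 = {"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824"}

AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.IGNORECASE)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def parse_auth_results(header: str = "") -> dict[str, str]:
    """Map spf/dkim/dmarc to their result tokens from an Authentication-Results header."""
    if not header:
        return {}
    return {k.lower(): v.lower() for k, v in AUTH_RE.findall(str(header))}


def analyze(raw: bytes) -> dict:
    """Parse a raw message and return the indicators an analyst would pivot on."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    sender = msg["From"].addresses[0] if msg["From"] else None
    report = {
        "from_display": sender.display_name if sender else "",
        "from_domain": sender.domain.lower() if sender else "",
        "auth": parse_auth_results(msg.get("Authentication-Results", "")),
        "received_ips": [],
        "urls": [],
        "attachments": [],
    }
    # Sender infrastructure: IPs recorded in the Received hops (latest hop first).
    for hop in msg.get_all("Received", []):
        report["received_ips"].extend(IP_RE.findall(str(hop)))
    # URLs from the text body; they are listed, never fetched (expand them only in a sandbox).
    body = msg.get_body(preferencelist=("plain", "html"))
    if body is not None:
        report["urls"] = URL_RE.findall(body.get_content())
    # Attachments: hash only, never open; the hash is what you look up in threat intel.
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        digest = hashlib.sha256(data).hexdigest()
        report["attachments"].append({
            "filename": part.get_filename(),
            "size": len(data),
            "sha256": digest,
            "known_bad": digest in KNOWN_BAD_SHA256,
        })
    # Any missing or non-pass verdict is worth a closer look at the sender infrastructure.
    report["auth_failed"] = not report["auth"] or any(v != "pass" for v in report["auth"].values())
    return report


if __name__ == "__main__":
    import json
    print(json.dumps(analyze(SAMPLE_EML), indent=2))
```

On the sample, the report shows SPF fail, no DKIM signature and a DMARC fail for the From domain, a single relay IP to check against the sender's expected infrastructure, one HTTP link to a lookalike payroll domain, and an .xlsm attachment whose hash matches the constructed known-bad set.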
Quick-Reference Checklist
- Pause and check the sender address.
- Hover over all links to confirm the domain.
- Be cautious of urgency or requests for sensitive data.
- Avoid unexpected attachments.
- Verify any request via a trusted channel.
- Use MFA and a password manager.
- Report suspicious messages right away.