This section covers how to analyze an inbox for phishing emails. Look for suspicious senders, unusual subject lines, and other indicators like unexpected attachments.
Example: A phishing email that impersonates a legitimate company might use a slightly altered email domain or contain urgent language to pressure the recipient. In the example below, we can see the sender is trying to create a sense of urgency. The sender also tries to impersonate Microsoft Support Team.
In this section, we demonstrate how to examine URLs in suspected phishing emails. Hover over the links to check where they lead before clicking, and always avoid clicking suspicious-looking URLs.
For this step, we can copy the link and paste in notepad for analysis. At first glance we can see the URL is not pointing to Microsoft.
A sandbox environment can be used to safely open attachments or run potentially malicious files to see their behavior. In this section, we discuss how to utilize a sandbox for phishing email attachments.
Example: We can create a free account for anyrun sandbox to safely open suspicious links and attachments. In our example the website was not accessible but we observed connections to suspicious sites.
VirusTotal is a powerful tool that allows users to scan suspicious files or URLs against various antivirus engines. In this section, we cover how to use VirusTotal to assess potential phishing threats.
Example: Upload files or URLs to VirusTotal to scan them for known malware or phishing signatures. Here we can check URLs that were observed in our sandbox and as we cann see they are malicious. Now we can confidently say the email is phishing and delete it from our inbox.