Phishing-Email-Analysis

📌 Cyber Security Internship – Task 2

🔹 Phishing Email Analysis

📑 Objective

The goal of this task is to analyze a suspicious email and identify phishing characteristics such as spoofed addresses, malicious links, and social engineering tactics.


🔹 Steps Followed

  1. Collected Sample Phishing Email
    • Example: Fake bank email asking for urgent account verification.
  2. Analyzed Sender Address
    • Displayed: support@secure-bank.com
    • Actual: support@secure-bank-login.xyz
    • 🚩 Spoofed domain detected.
  3. Checked Email Headers
  4. Inspected Email Body
    • Urgent tone: “Verify within 24 hours to avoid suspension.”
    • Multiple grammar/spelling errors.
    • 🚩 Social engineering attempt.
  5. Checked Links
    • Visible: https://secure-bank.com/login
    • Actual: http://malicious-site.ru/verify
    • 🚩 Mismatched URL.
  6. Examined Attachments
    • Suspicious file: BankStatement.zip
    • Likely malware.
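
The sender, link and attachment checks from steps 2, 5 and 6 can be run automatically over a raw message. The Python below is an added example, not part of the original report; the function names, the `RISKY_EXT` list and the constructed sample message (built from the values listed above) are assumptions.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

RISKY_EXT = (".zip", ".exe", ".js", ".scr", ".iso")  # assumed triage list, not from the report

class LinkCollector(HTMLParser):  # gathers (visible text, href) for each <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host(url):
    return (urlsplit(url).hostname or "").lower()

def analyze(raw):
    msg, findings = message_from_bytes(raw, policy=policy.default), []
    shown, actual = parseaddr(str(msg["From"]))  # display name vs. real address
    if "@" in shown and shown.rpartition("@")[2].lower() != actual.rpartition("@")[2].lower():
        findings.append(f"sender: shows {shown}, actual {actual}")
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector = LinkCollector()
        collector.feed(body.get_content())
        for text, href in collector.links:  # link text that names one host but points to another
            if text.startswith(("http://", "https://")) and host(text) != host(href):
                findings.append(f"link: shows {text}, goes to {href}")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().endswith(RISKY_EXT):
            findings.append(f"attachment: {name}")
    return findings

def sample():  # constructed message using the report's values; attachment bytes are a placeholder
    m = EmailMessage()
    m["From"] = '"support@secure-bank.com" <support@secure-bank-login.xyz>'
    m.set_content('<a href="http://malicious-site.ru/verify">https://secure-bank.com/login</a>', subtype="html")
    m.add_attachment(b"placeholder", maintype="application", subtype="zip", filename="BankStatement.zip")
    return m.as_bytes()
```

`analyze(sample())` returns one finding per indicator; a message with a plain display name, no HTML links and no attachments returns an empty list.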

🔹 Phishing Indicators Found


🔹 Conclusion

This is a phishing email designed to trick users into giving away credentials and potentially installing malware.

✅ Recommended Actions:


🔹 Interview Q&A

Q1. What is phishing?
Fraudulent attempt to obtain sensitive data by pretending to be a trusted entity.

Q2. How to identify a phishing email?
Look for spoofed addresses, mismatched URLs, grammar errors, urgency, and suspicious attachments.

Q3. What is email spoofing?
Forging the sender’s email address to look like a trusted source.

Q4. Why are phishing emails dangerous?
They steal data, spread malware, and cause financial loss.

Q5. How can you verify sender authenticity?
Check headers, SPF/DKIM records, and confirm through official channels.

Q6. What tools can analyze email headers?
Google Header Analyzer, MXToolbox, Microsoft Message Analyzer.

Q7. What actions should be taken on suspected phishing emails?
Report to IT/security team, block sender, delete the email.

Q8. How do attackers use social engineering in phishing?
They exploit fear, urgency, or curiosity to manipulate users.


🔹 Repository Structure

📁 Phishing-Email-Analysis
 ┣ 📄 README.md   ← This report
 ┣ 📁 screenshots ← (Optional: include email sample/header screenshots)
 ┗ 📄 phishing-report.pdf (Optional formatted report)