
SOC Analyst: Phishing Email Analysis

Everyone is looking to level up in their career, and getting a job interview or offer email can be exciting. But sometimes those emails aren’t what they seem: they’re fake recruitment scams trying to trick you. I came across a perfect example and want to show what I did to confirm my suspicions and what steps I took to report the email and its domain.

Steps we will take to confirm and take action:
1) General Social Engineering Red Flags
2) Context and Content Integrity Check
3) Domain Investigation
4) Certificate Investigation
5) Email Header Analysis
6) Reporting the Email

Tools we use and/or discuss:
- VirusTotal
- WHOIS.com
- MXToolbox
- Joe Sandbox
- PhishTank
- OpenPhish

General Social Engineering Red Flags

The email contains no links to the organization's homepage, no easy online contact information, and no LinkedIn page. Furthermore, by searching for the official website of Evernow and confirming their logo is the same, they are using a different domain for th...