Phishing Email Investigation
Objective
I analyze suspicious emails to determine whether they are legitimate, phishing attempts, or potentially malicious, and provide clear, actionable insights.
What I Analyze
| What | How I Analyze | Why It Matters |
|---|---|---|
| EML Source Analysis | Inspect raw email structure and metadata | Reveals hidden indicators not visible in standard email view |
| Header Check | Analyze email headers (Received chain, SPF, DKIM, DMARC) | Helps verify sender authenticity and detect spoofing |
| Link Analysis | Examine embedded URLs and redirections | Identifies phishing links or malicious destinations |
| Domain Reputation | Check sender domains against threat intelligence sources | Detects known malicious or recently registered domains |
| DNS Authenticity | Validate domain configuration and DNS records | Ensures the domain is legitimate and not manipulated |
| Attachment Analysis | Review attachments for suspicious patterns or indicators | Identifies potential malware or harmful payloads |
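As an added example that is not part of this listing, the Python script below performs a first-pass version of the EML source, header and link checks in the table on a constructed sample message (all domains, addresses and the IP in it are made up): it parses the raw .eml, reads the Received chain in delivery order, pulls the SPF/DKIM/DMARC verdicts from Authentication-Results, compares the From and Return-Path domains, and flags links whose visible text names a different host than their target.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample .eml (not a real message): From/Return-Path domains differ,
# SPF and DMARC fail, and the link text names a different host than its href.
SAMPLE_EML = b"""Received: from mail.example-sender.test (mail.example-sender.test [203.0.113.5])
 by mx.example.org with ESMTP id abc123; Mon, 1 Jan 2024 10:00:00 +0000
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=bulk.example-sender.test;
 dkim=none; dmarc=fail header.from=bank.example.com
Return-Path: <bounce@bulk.example-sender.test>
From: "Example Bank" <alerts@bank.example.com>
Content-Type: text/html; charset=utf-8

<p>Please <a href="http://login.bank-example.test/verify">https://bank.example.com/login</a></p>
"""
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def auth_results(msg):
    """spf/dkim/dmarc verdicts recorded by the receiving MTA ('missing' if absent)."""
    text = " ".join(str(h) for h in msg.get_all("Authentication-Results", []))
    verdicts = {}
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", text, re.I)
        verdicts[mech] = m.group(1).lower() if m else "missing"
    return verdicts

def domain_of(header_value):
    """Lower-cased domain of the first address in a From/Return-Path style header."""
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()

def body_links(msg):
    """(href, visible text) pairs from the HTML body, tags stripped from the text."""
    part = msg.get_body(preferencelist=("html", "plain"))
    html = part.get_content() if part else ""
    return [(h, re.sub(r"<[^>]+>", "", t).strip()) for h, t in LINK_RE.findall(html)]

def triage(raw_eml):
    """Parse a raw .eml and return auth verdicts, the hop chain and a list of findings."""
    msg = email.message_from_bytes(raw_eml, policy=policy.default)
    auth, findings = auth_results(msg), []
    findings += [f"{m} verdict is '{v}'" for m, v in auth.items() if v != "pass"]
    from_dom, rp_dom = domain_of(msg.get("From")), domain_of(msg.get("Return-Path"))
    if from_dom != rp_dom:
        findings.append(f"From domain '{from_dom}' differs from Return-Path domain '{rp_dom}'")
    for href, text in body_links(msg):
        shown = urlparse(text).hostname if "://" in text else None
        if shown and shown != urlparse(href).hostname:
            findings.append(f"link text shows '{shown}' but points to '{urlparse(href).hostname}'")
    # Each MTA prepends its own Received header, so reverse to read the chain in delivery order.
    hops = [str(h) for h in reversed(msg.get_all("Received", []))]
    return {"auth": auth, "hops": hops, "findings": findings}
```

Run `triage(open("suspect.eml", "rb").read())` on a real forwarded .eml; an empty findings list only means these particular checks found nothing, not that the message is safe.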
Scope & Options
Analysis can be performed on:
✔️ Forwarded emails (including .eml files or screenshots)
✔️ Extracted email data from client systems