Phishing Email Analysis is a cybersecurity process that entails the methodical analysis of suspicious or fake emails to identify and prevent phishing attacks.

It aims to recognize deceptive measures taken by the attackers who send emails that seem to be valid but are actually meant to steal sensitive information like login credentials, financial data, or deploy malware.

Testing Environment

• MX Toolbox Email Header Analyzer
• VirusTotal & AbuseIPDB
• Email Sample (.eml file)
• Whois lookup
• EML Analyzer
• URLscan

Investigation of phishing means the systematic process of examining suspicious emails, messages, or online activity suspected of being phishing attempts. The goal is to identify how the phishing attack was carried out, determine indicators of compromise.

IP address screening

• Identified suspicious URLs
• Validated SPF authentication
• Verified IP address from headers
• Extracted sender's full address & domain
• Analyzed suspicious email

A DNSBL (DNS-based blocklist) also known as a DNS blacklist or real-time blackhole list (RBL)—is a system used to identify and block IP addresses or domain names that are known sources of spam, malware, or other undesirable activity on the internet.

Phishing Email Analysis is the thorough examination of suspected phishing emails with the use of different technical and analytical approaches to defend users and organizations against cyber attacks.