How to Catch a Phish

Every organization and email account is susceptible to phishing messages. Phishing messages vary vastly in sophistication, but the core skills and process to analyze a suspicious message does not change.Attackers have preyed on victims with convincing and not-so-convincing phishing emails to gain initial footholds into networks around the world for well over 20 years. This attack method has been rapidly growing in popularity and continues to be the number one infection vector that organizations and individuals struggle to defend against. Regardless of what any vendor or organization will tell you, no infallible tool currently exists. How to Catch a Phish will train individuals from all walks of life and technical backgrounds to detect, investigate, and respond to the number one infection vector today. The repeatable process described here has been cultivated and tested in real-life incidents and has been validated across multiple threat landscapes and environments.The book teaches readers how to analyze suspicious messages using open source tools and resources. The reader will understand the basics of email, tactics used by attackers, and a repeatable process to systematically check messages for suspicious activity. What you'll learnHow email messages workWhat information is in an email headerKey indicators of a suspicious or malicious email messageTactics used in phishing emails by attackersReview header information and pull out key indicators or signaturesSafely extract and analyze email links and attachmentsHow to use a variety of open source and freely available tools to analyze email messagesHow to save messages as attachments for analysisWho This Book Is ForThis book is beneficial to nearly every person with an email account. That number is large, but the main readers will likely be cybersecurity professionals and enthusiasts. These individuals currently hold or aspire to obtain positions such as IT Security Analyst, Network Defender, SOC Analyst, Help Desk Technician. The audience likely has a general understanding of how email works and some ways that attackers use this platform for initial access.