Scribd
Upload
447 views7 pages

Phishing+Email+Analysis+ +Project+Brief 1

The document provides information about phishing emails and URLs. It outlines how phishing emails attempt to steal personal information by posing as legitimate sources. It then presents five sample emails and five URLs to analyze based on clues like sender address matching, grammar errors, urgency, and unexpected attachments. The task is to determine which emails and URLs are phishing or malicious in nature and submit the analysis in a sample report format.

Uploaded by

Ryalapeta Venu Yadav
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
447 views7 pages

Phishing+Email+Analysis+ +Project+Brief 1

The document provides information about phishing emails and URLs. It outlines how phishing emails attempt to steal personal information by posing as legitimate sources. It then presents five sample emails and five URLs to analyze based on clues like sender address matching, grammar errors, urgency, and unexpected attachments. The task is to determine which emails and URLs are phishing or malicious in nature and submit the analysis in a sample report format.

Uploaded by

Ryalapeta Venu Yadav
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 7

Phishing Email Analysis – Project Brief

What is a Phishing Email?

Phishing emails are deceptive emails which are used by an attacker to gain confidential
information of the victim. It is a type of social engineering attack. Such emails appear to be
from valid sources. The purpose of such a social engineering attack is to:
• Acquire trade secrets
• Acquire banking details
• Infect systems with malware
• Direct to fake websites
• Deceive user to make payments

The cybercriminals pose as legitimate officials or services so that the victims are under the
impression that the email is from a legitimate source. Following are a few examples of
phishing emails:
• Account Deactivation
• Compromised Credit Card
• Fund Transfer
• Social Media Request
• Fake Google Doc Login
• Technical Support Request
• Vishing or voice-based hacking
• Pretexting
• Angler Phishing
[email protected]
I8J205YCDR How to spot a phishing email?

➢ Match the sender’s email address with the name of the organization they claim to be
representing.
➢ Check for syntax and grammatical errors
➢ Check if the email denotes a sense of urgency
➢ Check if the email has attachments which were not expected
➢ Check for unusual subject line
➢ Analyse the external links present in the body of the email

Project Overview:
This project consists of two tasks.
Task 1: You will be analysing the given emails & find out which of them are phishing
emails. In order to identify the phishing emails, use the techniques as described
above and in the learning videos.

Task 2: The security team continuously flags emails for suspicious links. The team
has found 5 links given below. Your task is to assess 5 URLs and identify if they are
safe or malicious.

The project consists of a total of 30 points.

This file is meant for personal use by [email protected] only.


Sharing or publishing the contents in part or full is liable for legal action.
Pro tip:
Analyse the links present in the body of the emails. You can analyse the URL’s by
hovering over the links and copying the URL using right-click.

Once you have copied the URL, you can use a text file to paste the link and analyse
it.

If you are using Adobe reader, the links would appear while hovering over the link.

[email protected]
I8J205YCDR

You can follow the same process for Windows and Mac.

Warning: The sample emails and the URL’s are part of real-world phishing or
spam emails, please ensure that you do not click on the links to access the
websites or interact with any IP, domain etc.

This file is meant for personal use by [email protected] only.


Sharing or publishing the contents in part or full is liable for legal action.
Task details and instructions:
Task 1:
Following are 5 sample emails. Use your knowledge of phishing emails and analyse
the authenticity of the emails. Sample emails are provided below:

Email #1

Click here to view this fax online

Email #2

[email protected]
I8J205YCDR
This Photo!

Email #3

Change Password

This file is meant for personal use by [email protected] only.


Sharing or publishing the contents in part or full is liable for legal action.
Email #4

Upgrade your Dropbox

Get more space

Dropbox for Business.

[email protected]
I8J205YCDR
Email #5

Change Password

This file is meant for personal use by [email protected] only.


Sharing or publishing the contents in part or full is liable for legal action.
Task 2:
The Security team at your organization has been monitoring phishing emails on a
regular basis. The Security team has identified 5 URL’s which appear to be
malicious.

The 5 URL’s are:


URL #1: www.wizy.io
URL #2: login-bankofamerlca.com
URL #3: http://netfilix.org/
URL #4: bharatpestcontrol.in
URL #5: trusstwallet.site

Your task is to ascertain whether these URL’s are malicious or not. Use the online
tool- https://urlscan.io/ and analyse the activity on the website. You can paste the URL
in the search box to analyse the activity on the URL.

Pro Tip: If you want to view the live screenshot of the associated webpage, you can click on
“Live Screenshot” to do the same without visiting the webpage.
[email protected]
I8J205YCDR

Click on Live screenshot

Click on Image for Screenshot Now

This file is meant for personal use by [email protected] only.


Sharing or publishing the contents in part or full is liable for legal action.
The Live Screenshot would look like:

Submission details:
Once you have completed both the tasks, please answer the following questions to
submit the project report.

Task 1:
[email protected]
I8J205YCDR 1. Is Email #1 a phishing email? Why or Why not? Please provide screenshot
indicating your assessment and explain the same in words. (3 points)
2. Is Email #2 a phishing email? Why or Why not? Please provide screenshot
indicating your assessment and explain the same in words. (3 points)
3. Is Email #3 a phishing email? Why or Why not? Please provide screenshot
indicating your assessment and explain the same in words. (3 points)
4. Is Email #4 a phishing email? Why or Why not? Please provide screenshot
indicating your assessment and explain the same in words. (3 points)
5. Is Email #5 a phishing email? Why or Why not? Please provide screenshot
indicating your assessment and explain the same in words. (3 points)

Task 2:
1. Is URL #1 a malicious URL? Why or Why not? Explain.
Please provide a live screenshot of the webpage using the online tool
https://urlscan.io/. (3 points)
2. Is URL #2 a malicious URL? Why or Why not? Explain.
Please provide a live screenshot of the webpage using the online tool
https://urlscan.io/. (3 points)
3. Is URL #3 a malicious URL? Why or Why not? Explain.
Please provide a live screenshot of the webpage using the online tool
https://urlscan.io/. (3 points)
4. Is URL #4 a malicious URL? Why or Why not? Explain.
Please provide a live screenshot of the webpage using the online tool
https://urlscan.io/. (3 points)
5. Is URL #5 a malicious URL? Why or Why not? Explain.

This file is meant for personal use by [email protected] only.


Sharing or publishing the contents in part or full is liable for legal action.
Please provide a live screenshot of the webpage using the online tool
https://urlscan.io/. (3 points)

Please use the Sample Report Format (published on Olympus) to submit the assignment.

Project Support:

Q&A forum for offline support: Discussion board.


You can also post your queries on the discussion forums available on Olympus.

[email protected]
I8J205YCDR

This file is meant for personal use by [email protected] only.


Sharing or publishing the contents in part or full is liable for legal action.

You might also like