[BLUE TEAMING] - Recognize, Prevent, and Investigate phishing attacks.

<aside> 💡 Can be targeted and non-targeted, and small and large organizations can be affected.

</aside>

<aside> 💡 Signs of phishing to look for in emails

• Do you know the sender? Does the email address match the sender? Does the reply-to email match the sender?
• In the email body, does the email greet your personally, or is it very generic?
• Does the email contain grammar mistakes?
• Does the email give you a sense of urgency to act fact? Such as a deadline
• Does the email contain a link or a button that redirects you to a website?
• Is there an attachment to the email? </aside>

<aside> 💡 SPF (sender policy framework) - checks if the IP address is tied to the domain the email is coming from on the SPF records.

</aside>

<aside> 💡 Basically, severely limit your interaction with email based on your perception of how trustworthy it is and never click a link or download an attachment without being 100% sure it is safe.

</aside>

Questions ➖

1, 2, 3, 4, 5 -

6 - Email header means, subject line here

7, 8 - Open email attachment, decode base 64 code and save the file