Skip to content

Abdxlrahman/Task-2-FUTURE_CS_02

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
 
 
 
 
 
 

Repository files navigation

Task-2-FUTURE_CS_02

🛡️ Phishing Email Detection & Awareness System

Cybersecurity Internship – Task 2 | Future Interns Prepared by: Abdul Rahman Abdul Aleem | May 2026


📌 Project Overview

This project analyzes real phishing email samples, identifies threat indicators, classifies risk levels, and provides prevention guidelines — all documented in a professional, business-friendly report.


🎯 Key Features

  • ✅ Identify phishing indicators (spoofed senders, fake domains, malicious links)
  • ✅ Classify emails as Safe / Suspicious / Phishing
  • ✅ Analyze email headers with MXToolbox
  • ✅ Provide prevention tips and awareness guidelines

🔬 Case Studies

Case Study 1 – "Your Account Will Be Locked" 🎣

Link-based credential harvester pretending to be a legitimate service.

  • Sender: jose@monkey.org — fake domain
  • Fake VERIFY button leading to a phishing site
  • Generic greeting: "Dear you"
  • 📊 MXToolbox Header Analysis

Case Study 2 – "Review Document" 🤝

Fake DocuSign email designed to steal Microsoft/Google credentials.

  • Sender impersonated DocuSign but came from andre.chacra@zg-www.sc.cninfo.net
  • REVIEW_DOCUMENT button pointed to oortstorage.com
  • 📊 MXToolbox Header Analysis

Case Study 3 – "Update Payment Method" 💳

Fake Netflix billing email targeting credit card information.

  • Sender: @em872.ramnet.co.za — not Netflix
  • UPDATE NOW button pointed to nham24.com
  • Greeting said "Dear costumer" — misspelled!
  • 📊 MXToolbox Header Analysis

🚩 The 4 Red Flags Checklist

Flag What to Look For
🔎 Suspicious Domain Misspelled brand names, odd TLDs, extra subdomains
⏰ Urgency / Pressure "Act now!", "Your account will be closed!"
🔗 Fake Links Hovered URL doesn't match the displayed text
👋 Generic Greeting "Dear Customer" — no real name or personal detail

🛠️ Tools Used

Tool Purpose
MXToolbox Email header parsing, SPF / DKIM / DMARC verification, blacklist lookup
Google Admin Toolbox DNS, MX records, and URL reputation checks
ICANN WHOIS / CentralOps Domain intelligence — registration dates, registrar info
URLScan.io / CyberChef Safe URL inspection inside isolated sandboxes
Manual Inspection Spotting typos, fake TLS certificates, newly registered domains

🔍 Analysis Approach

Each phishing email was investigated using a structured 4-step methodology:

  1. Header Analysis — Parsed raw email headers using MXToolbox to trace routing hops, verify SPF/DKIM/DMARC status, and identify mismatched Return-Path domains.
  2. Domain Intelligence — Looked up sender domains via WHOIS to check registration age, registrar details, and hosting location. Newly registered or throwaway domains are a strong phishing indicator.
  3. Link Inspection — Extracted and safely decoded all URLs using URLScan.io and CyberChef. Compared the displayed link text against the actual destination to detect redirection to phishing or malware sites.
  4. Red Flag Classification — Scored each email against the 4 Red Flags checklist (Suspicious Domain, Urgency/Pressure, Fake Links, Generic Greeting) and assigned a final risk rating: 🟢 Safe / 🟡 Suspicious / 🔴 Phishing.

📁 Repository Files

  • Task-2-FUTURE_CS_02.pdf — Full Phishing Detection & Awareness Report
  • Evidence.docx — MXToolbox header analysis evidence for all 3 case studies

👤 Author

Abdul Rahman Abdul Aleem — Cybersecurity Intern, Future Interns | May 2026

About

Phishing Email Detection & Awareness System | Cybersecurity Internship Task 2

Topics

Resources

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors