Cybersecurity Internship – Task 2 | Future Interns Prepared by: Abdul Rahman Abdul Aleem | May 2026
This project analyzes real phishing email samples, identifies threat indicators, classifies risk levels, and provides prevention guidelines — all documented in a professional, business-friendly report.
- ✅ Identify phishing indicators (spoofed senders, fake domains, malicious links)
- ✅ Classify emails as Safe / Suspicious / Phishing
- ✅ Analyze email headers with MXToolbox
- ✅ Provide prevention tips and awareness guidelines
Link-based credential harvester pretending to be a legitimate service.
- Sender:
jose@monkey.org— fake domain - Fake VERIFY button leading to a phishing site
- Generic greeting: "Dear you"
- 📊 MXToolbox Header Analysis
Fake DocuSign email designed to steal Microsoft/Google credentials.
- Sender impersonated DocuSign but came from
andre.chacra@zg-www.sc.cninfo.net - REVIEW_DOCUMENT button pointed to
oortstorage.com - 📊 MXToolbox Header Analysis
Fake Netflix billing email targeting credit card information.
- Sender:
@em872.ramnet.co.za— not Netflix - UPDATE NOW button pointed to
nham24.com - Greeting said "Dear costumer" — misspelled!
- 📊 MXToolbox Header Analysis
| Flag | What to Look For |
|---|---|
| 🔎 Suspicious Domain | Misspelled brand names, odd TLDs, extra subdomains |
| ⏰ Urgency / Pressure | "Act now!", "Your account will be closed!" |
| 🔗 Fake Links | Hovered URL doesn't match the displayed text |
| 👋 Generic Greeting | "Dear Customer" — no real name or personal detail |
| Tool | Purpose |
|---|---|
| MXToolbox | Email header parsing, SPF / DKIM / DMARC verification, blacklist lookup |
| Google Admin Toolbox | DNS, MX records, and URL reputation checks |
| ICANN WHOIS / CentralOps | Domain intelligence — registration dates, registrar info |
| URLScan.io / CyberChef | Safe URL inspection inside isolated sandboxes |
| Manual Inspection | Spotting typos, fake TLS certificates, newly registered domains |
Each phishing email was investigated using a structured 4-step methodology:
- Header Analysis — Parsed raw email headers using MXToolbox to trace routing hops, verify SPF/DKIM/DMARC status, and identify mismatched Return-Path domains.
- Domain Intelligence — Looked up sender domains via WHOIS to check registration age, registrar details, and hosting location. Newly registered or throwaway domains are a strong phishing indicator.
- Link Inspection — Extracted and safely decoded all URLs using URLScan.io and CyberChef. Compared the displayed link text against the actual destination to detect redirection to phishing or malware sites.
- Red Flag Classification — Scored each email against the 4 Red Flags checklist (Suspicious Domain, Urgency/Pressure, Fake Links, Generic Greeting) and assigned a final risk rating: 🟢 Safe / 🟡 Suspicious / 🔴 Phishing.
Task-2-FUTURE_CS_02.pdf— Full Phishing Detection & Awareness ReportEvidence.docx— MXToolbox header analysis evidence for all 3 case studies
Abdul Rahman Abdul Aleem — Cybersecurity Intern, Future Interns | May 2026