Security · User Education
Analyzed 10 real-world phishing samples, documented the red flags in each, and produced a one-page employee awareness guide.
Phishing is the #1 entry point for corporate breaches. As a help desk technician, I'll be the first line of defense — both responding to incidents and educating users. This project built my ability to identify phishing patterns quickly and communicate risks clearly.
Across the 10 email samples analyzed, I identified these recurring red flags:
One of the most convincing samples impersonated a Microsoft account security alert. Red flags identified:
# Email header analysis
From: security@microsoft-support-alerts.net
↳ Not microsoft.com — completely different domain
Reply-To: collect@harvesting-srv.ru
↳ Russian TLD, completely unrelated to sender
Link: "Click here to secure your account"
↳ href points to 193.42.xx.xx (raw IP address)
I distilled findings into a one-page guide structured for non-technical employees. Key sections: