Security · User Education

Phishing Awareness Exercise

Analyzed 10 real-world phishing samples, documented the red flags in each, and produced a one-page employee awareness guide.

Source PhishTank public database
Samples Analyzed 10 real phishing emails
Deliverable Employee awareness guide

Why This Matters

Phishing is the #1 entry point for corporate breaches. As a help desk technician, I'll be the first line of defense — both responding to incidents and educating users. This project built my ability to identify phishing patterns quickly and communicate risks clearly.

Red Flags Catalog

Across the 10 email samples analyzed, I identified these recurring red flags:

Case Study: "Microsoft Security Alert" Phish

One of the most convincing samples impersonated a Microsoft account security alert. Red flags identified:

# Email header analysis

From: security@microsoft-support-alerts.net

↳ Not microsoft.com — completely different domain

Reply-To: collect@harvesting-srv.ru

↳ Russian TLD, completely unrelated to sender

Link: "Click here to secure your account"

↳ href points to 193.42.xx.xx (raw IP address)

Employee Awareness Guide

I distilled findings into a one-page guide structured for non-technical employees. Key sections:

✓ Key Outcomes

← Back to Portfolio