SOC Analyst Training: How to Detect Phishing Emails

Threat actors frequently use phishing emails in their attacks. As users have gotten more educated about the dangers of opening sketchy emails, threat actors have updated their techniques to make the emails look more legitimate and convincing, increasing their chances of the victims opening them.

Traditionally phishing emails are associated with credential harvesting attacks, but that's not the only goal of these attacks. Adversaries send phishing emails containing malicious links or attachments to deploy malware such as backdoors and ransomware and further exploit the system.

Because emails are widely used, security teams have to deal with large amounts of files, filtering and inspecting them to prevent phishing emails from reaching the end user’s mailbox. To make it even harder, threat actors implement different techniques to evade detection and deliver threats in sneaky ways.

In this webinar we show:
• Overview of the email structure and how investigators can use it to detect and analyze phishing emails
• Attack vectors and techniques using email files
• Learn how Intezer analyzes all types of file attachments, and URLs, helps in phishing attack investigations
• A live demo of analyzing phishing emails using open-source tools. We will work on files that were used in several phishing attacks that eventually infected the victims with backdoors and information-stealing malware

What is a phishing email? 0:17
Types of phishing emails 0:53
Recent attacks 1:28
How email files are used by threat actors 2:16
How to inspect email files 2:46
Email structure 3:58
Email header 4:17
Spoofed emails 7:08
Conversation hijacking 13:10
Inspecting links 16:08
Extract and inspect attachments 18:19
Example 21:55
Q&A 23:54

Free open-source tools for extracting attachments from emails

Resources