Day 2-Intership

Step 1: Obtain a Sample Phishing Email

• I used a fictional phishing email that mimics a fake PayPal warning message.
• The email included:
  • A suspicious sender address
  • A fake login link
  • Urgent language urging immediate action

Step 2: Review the Sender's Email Address

• From: security-update@paypaI.com
• Observation: The domain uses a capital "I" instead of lowercase "L" to look like "paypal.com".
• Phishing Indicator: Spoofed domain trying to mimic a trusted brand.

Step 3: Simulate Email Header Analysis

• I assumed common phishing traits from email headers:
  • SPF: Fail
  • DKIM: Not signed
  • DMARC: Not present
• Phishing Indicator: Email fails standard authentication checks.

Step 4: Check Embedded Links

• Link text: "Verify Your Account Now"
• Actual link: http://secure-paypaI-support.com/login
• Phishing Indicator:
  • The domain is not associated with PayPal.
  • Link is not secure (HTTP instead of HTTPS).
  • The URL is misleading and deceptive.

Step 5: Analyze Language and Tone

• Subject: “Urgent: Your PayPal account is at risk”
• Message includes:
  • Threats of account suspension
  • 24-hour deadline
  • Generic greeting: “Dear Customer”
  • Phishing Indicators:
  • Urgency and threats to pressure action.
  • Lack of personalization suggests mass targeting.

Step 6: List and Document Phishing Indicators

• I compiled a report listing all findings:
  • Spoofed sender address
  • Failed security checks
  • Fake and insecure URLs
  • Threatening language
  • Generic greeting

Step 7: Save the Report

• Final report saved as phishing_report.txt