Challenge: Teach a Person to Phish
National Cybersecurity Awareness Month has several themes, one of which is Phishing Awareness. This phishing challenge will have you analyze a real phish caught in the wild! The goal is to identify exactly why it was flagged as a phish and gain hands-on skills to validate a suspicious email!
Already have an account? Sign In »
Module 1: Inspect
Phishing awareness from a technical lens!
In this NCAM weekly challenge, you will analyze a phishing email. This challenge aims to look beyond the basics of phishing prevention and critically examine what is happening under the hood. As a critical point, we have opened up the “show original” option for the received email, thus gaining access to all header information!
- After reviewing the headers, why did this email fail SPF?
- What type of cryptography was used to validate that this email passed DKIM?
- What action was taken on the email after it failed DMARC?
- Based on what you know about SPF and DKIM, why did this email fail DMARC?
- What other detail does not match in the email body, which should trigger concern?
Who is this for?
Early career practitioners. Individuals new to cybersecurity may be challenged but the difficulty rating on this challenge is relatively low. We encourage the use of any internet resources, community/colleague assistance in completion of the challenge.
What resources are available to help solve this challenge?
Online search, Discord community, colleagues or fellow practitioners.
Are write ups permitted?
Yes, write ups are permitted; however, please do not post answers directly. All write ups should include an appropriate link back to Cybrary and the Cybrary Course.
Matthew Mullins
Technical Manager, Red Team
Complete this entire course to earn a Challenge: Teach a Person to Phish Certificate of Completion