Detecting Phishing Emails
Detecting and preventing the effects of phishing emails has become a primary interest for enterprises and governments today, often because phishing emails lead to network breaches, ransomware, and exfiltration of sensitive information. Patching vulnerabilities, ensuring AV/EDR/XDR is installed on endpoints, network segmentation, and MFA are all great to do, but one step we can take before relying on these measures is ensuring the end-user community is routinely educated on how to detect phishing emails. So how do we detect phishing emails?

Screening Emails

Here are some of the items on what I call my "initial phishing screening checklist":

- Sender name and email address (especially domain) that don't match a legitimate one.
- Statements urging me to act quickly.
- Was I expecting an email like this?
- If I know the person and/or can reach them by phone, can I confirm that it is truly them sending the email? (Out-of-band communication).

At least on this one they give 24 hours not