Phishing Response
Date.
Authax- Vikuamt C sendmail'yiksantgmaitcon
What is a playbook used for?
This playbook gives step-by-step instructions for detecting, stopping, investigating and recovering from phishing attacks.
Phishing is an attack that uses e-mail to trick people into clicking bad links, entering passwords or downloading harmful files.
STEP 1) IDENTIFY - Is this a phishing email?
What to do:
Be alert when users report suspicious emails.
Look out for warning signs like:
  Fake sender email (e.g. support@misosoft@gmail.com)
  Bad or strange language
  Urgent ("Your account will be suspended in ... hours")
  Suspicious links (hover to check where they lead)
  Unexpected attachments (.zip, .exe, .html, .iso, etc.)
Tools to use:
SIEM software (e.g. Splunk, Wazuh): Helps find patterns
Email security gateway (e.g. Proofpoint, Mimecast): Filters spam and threats
Shiva
Phishing reporting button: Used by employees to report emails
VirusTotal / URLScan.io: To check if a link is dangerous
Example:
An employee reports an email: "Click here to ... your bank account"
The link: bank-login-help.biz - a strong sign of phishing
STEP 2) CONTAIN - Stop the damage quickly
What to do:
Immediately quarantine the phishing email (remove it from inboxes).
Block the sender's domain so users don't get it.
Block any malicious links.
If someone clicked the email, isolate their computer from the network.
Tools to use:
E-mail quarantine portal (Microsoft Defender, Proofpoint)
DNS / firewall filters (Umbrella, Palo Alto)
Web (Zscaler, Forcepoint): Block access to bad sites
EDR/XDR (CrowdStrike, SentinelOne): Helps isolate infected computers.
Example:
The phishing email reached 50 users. Use your e-mail system to delete the message from everyone's inbox and block the sender's domain.
STEP 3) INVESTIGATE - What really happened?
What to do:
Look at the email headers to see where it came from.
Check the URLs - are they known phishing domains?
Analyze file attachments to see if there's malware.
Find out if anyone clicked or entered credentials.
MxToolbox / Google Header Analyzer: email headers
SIEM (Splunk, Wazuh): Search for clicked links
Any.Run / VirusTotal: Run suspicious files
Proxy / firewall logs: Check who visited dangerous sites
Example:
You find out that users clicked the link and entered their email passwords. Those accounts are now at risk.
STEP 4) REMEDIATE - Fix the damage done
What to do:
Reset passwords for any user who clicked or entered credentials.
Remove any installed malware/scripts.
Make sure there's no persistence (the attacker didn't create hidden accounts/backdoors).
Update security tools so they recognize the attack next time.
IAM / AD management (Azure AD, Okta): Reset passwords
AV/EDR tools (Windows Defender, Bitdefender): Clean infected machines
SSO management: Revoke tokens
oLit
Example:
The passwords are changed, their PC cleaned, and logs show no further suspicious behaviour.
STEP 5) EDUCATE - Train people not to ... it
What to do:
Email all employees explaining the phishing attempt.
Teach them how to recognize it.
Run a phishing simulation to test what they've learned.
Reward good behaviour (e.g. people who reported the attack).
Tools to use:
Simulation tools
LMS / internal training slides
Email templates: To communicate what happened
Example:
Send an
Today Hases Phishing attempt
team
time.. )
STEP 6) DOCUMENT & REPORT
What to do:
Create a report with:
  Timeline of the attack
  Who was affected
  Indicators of compromise (domains, hashes, IPs)
  Actions taken
Share with leadership (CISO), compliance (if data exposed).
Tracking
MISP Threat Sharing Platform: Share with others
Word / PDF templates: Use for official reports
Example:
You create an incident PDF report: Phishing
RSth-2wses
affected, password reset complete
Koat Coeedlemtial hanesting
Beqanaksi
Check email links
Hover to see the destination
Don't trust emails
t
Kapont aagting team.