Security specialty

Phishing Defense

Browse every cataloged workflow for phishing defense, with source context, tags, and security framework mappings intact.

Complete collection

Skills in this domain

15 skills

cybersecuritySkill

Analyzing Malicious URL with URLScan

URLScan.io is a free service for scanning and analyzing suspicious URLs. It captures screenshots, DOM content, HTTP transactions, JavaScript behavior, and network connections of web pages in an isolated environment. This skill covers using URLScan's web interface and API to investigate phishing URLs, credential harvesting pages, and malicious redirects without exposing the analyst's system to risk.

Phishing Defense
awarenessdmarcemail-securityphishing+3
ATT&CK, 6 mappingsNIST CSF, 4 mappingsATLAS, 1 mapping
cybersecuritySkill

Building Phishing Reporting Button Workflow

Implement a phishing report button in email clients with automated triage workflow that analyzes user-reported suspicious emails and provides feedback to reporters.

Phishing Defense
email-securityincident-responsemicrosoft-365outlook+3
ATT&CK, 6 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Detecting Business Email Compromise

Business Email Compromise (BEC) is a sophisticated fraud scheme where attackers impersonate executives, vendors, or trusted partners to trick employees into transferring funds, sharing sensitive data, or changing payment details. Unlike traditional phishing, BEC often contains no malicious links or attachments, relying purely on social engineering. This skill covers detection techniques using email gateway rules, behavioral analytics, and financial process controls.

Phishing Defense
awarenessbecdmarcemail-security+3
ATT&CK, 9 mappingsNIST CSF, 4 mappingsATLAS, 2 mappingsD3FEND, 5 mappingsAI RMF, 2 mappings
cybersecuritySkill

Detecting Business Email Compromise with AI

Deploy AI and NLP-powered detection systems to identify business email compromise attacks by analyzing writing style, behavioral patterns, and contextual anomalies that evade traditional rule-based filters.

Phishing Defense
aibecbehavioral-analyticsemail-security+4
ATT&CK, 9 mappingsNIST CSF, 4 mappingsATLAS, 3 mappingsD3FEND, 5 mappingsAI RMF, 5 mappings
cybersecuritySkill

Detecting QR Code Phishing with Email Security

Detect and prevent QR code phishing (quishing) attacks that bypass traditional email security by embedding malicious URLs in QR code images within emails.

Phishing Defense
email-securityimage-analysismobile-securityocr+3
ATT&CK, 9 mappingsNIST CSF, 4 mappingsATLAS, 3 mappingsAI RMF, 2 mappings
cybersecuritySkill

Detecting Spearphishing with Email Gateway

Spearphishing targets specific individuals using personalized, researched content that bypasses generic spam filters. Email security gateways (SEGs) like Microsoft Defender for Office 365, Proofpoint, Mimecast, and Barracuda provide advanced detection capabilities including behavioral analysis, URL detonation, attachment sandboxing, and impersonation detection. This skill covers configuring these gateways to detect and block targeted phishing attacks.

Phishing Defense
awarenessdmarcemail-gatewayemail-security+3
ATT&CK, 8 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Implementing Anti-Phishing Training Program

Security awareness training is the human layer of phishing defense. An effective anti-phishing training program combines regular simulations, interactive learning modules, metric tracking, and positive reinforcement to build a security-conscious culture. This skill covers designing, deploying, and measuring a comprehensive phishing awareness program using platforms like KnowBe4, Proofpoint Security Awareness, and open-source alternatives.

Phishing Defense
awarenessdmarcemail-securityphishing+3
ATT&CK, 5 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Implementing DMARC, DKIM, and SPF Email Security

SPF, DKIM, and DMARC form the three pillars of email authentication. Together they prevent domain spoofing, validate message integrity, and define policies for handling unauthenticated mail. Proper implementation drastically reduces phishing attacks that impersonate your organization's domain.

Phishing Defense
awarenessdkimdmarcdns+4
ATT&CK, 6 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Implementing Email Sandboxing with Proofpoint

Email sandboxing detonates suspicious attachments and URLs in isolated environments to detect zero-day malware and evasive phishing payloads. Proofpoint Targeted Attack Protection (TAP) is an industry-leading solution that uses multi-stage sandboxing, URL rewriting, and predictive analysis. This skill covers configuring Proofpoint TAP, integrating with email flow, analyzing sandbox reports, and tuning detection policies.

Phishing Defense
awarenessdmarcemail-securityphishing+3
ATT&CK, 9 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Implementing Google Workspace Phishing Protection

Configure Google Workspace advanced phishing and malware protection settings including pre-delivery scanning, attachment protection, spoofing detection, and Enhanced Safe Browsing.

Phishing Defense
admin-consoleanti-spoofingemail-securitygmail+3
ATT&CK, 9 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Implementing Mimecast Targeted Attack Protection

Deploy Mimecast Targeted Threat Protection including URL Protect, Attachment Protect, Impersonation Protect, and Internal Email Protect to defend against advanced phishing and spearphishing attacks.

Phishing Defense
attachment-sandboxingemail-securityimpersonationmimecast+3
ATT&CK, 9 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Implementing Proofpoint Email Security Gateway

Deploy and configure Proofpoint Email Protection as a secure email gateway to detect and block phishing, malware, BEC, and spam before messages reach user inboxes.

Phishing Defense
anti-malwareanti-spambecemail-filtering+4
ATT&CK, 9 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Performing Adversary-in-the-Middle Phishing Detection

Detect and respond to Adversary-in-the-Middle (AiTM) phishing attacks that use reverse proxy kits like EvilProxy, Evilginx, and Tycoon 2FA to bypass MFA and steal session tokens.

Phishing Defense
aitmcredential-theftevilginxevilproxy+4
ATT&CK, 11 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Performing DMARC Policy Enforcement Rollout

Execute a phased DMARC rollout from p=none monitoring through p=quarantine to p=reject enforcement, ensuring all legitimate email sources are authenticated before blocking unauthorized senders.

Phishing Defense
anti-spoofingdkimdmarcdns+4
ATT&CK, 8 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Performing Phishing Simulation with GoPhish

GoPhish is an open-source phishing simulation framework used by security teams to conduct authorized phishing awareness campaigns. It provides campaign management, email template creation, landing page cloning, and comprehensive reporting. This skill covers deploying GoPhish, creating realistic phishing scenarios, and analyzing campaign results to measure and improve organizational resilience.

Phishing Defense
awarenessdmarcemail-securitygophish+3
ATT&CK, 8 mappingsNIST CSF, 4 mappings