cybersecuritySkill
URLScan.io is a free service for scanning and analyzing suspicious URLs. It captures screenshots, DOM content, HTTP transactions, JavaScript behavior, and network connections of web pages in an isolated environment. This skill covers using URLScan's web interface and API to investigate phishing URLs, credential harvesting pages, and malicious redirects without exposing the analyst's system to risk.
Phishing Defense
awarenessdmarcemail-securityphishing+3
ATT&CK6, 6 mappingsNIST CSF4, 4 mappingsATLAS1, 1 mapping
cybersecuritySkill
Implement a phishing report button in email clients with automated triage workflow that analyzes user-reported suspicious emails and provides feedback to reporters.
Phishing Defense
email-securityincident-responsemicrosoft-365outlook+3
ATT&CK6, 6 mappingsNIST CSF4, 4 mappings
cybersecuritySkill
Business Email Compromise (BEC) is a sophisticated fraud scheme where attackers impersonate executives, vendors, or trusted partners to trick employees into transferring funds, sharing sensitive data, or changing payment details. Unlike traditional phishing, BEC often contains no malicious links or attachments, relying purely on social engineering. This skill covers detection techniques using email gateway rules, behavioral analytics, and financial process controls.
Phishing Defense
awarenessbecdmarcemail-security+3
ATT&CK9, 9 mappingsNIST CSF4, 4 mappingsATLAS2, 2 mappingsD3FEND5, 5 mappingsAI RMF2, 2 mappings
cybersecuritySkill
Deploy AI and NLP-powered detection systems to identify business email compromise attacks by analyzing writing style, behavioral patterns, and contextual anomalies that evade traditional rule-based filters.
Phishing Defense
aibecbehavioral-analyticsemail-security+4
ATT&CK9, 9 mappingsNIST CSF4, 4 mappingsATLAS3, 3 mappingsD3FEND5, 5 mappingsAI RMF5, 5 mappings
cybersecuritySkill
Detect and prevent QR code phishing (quishing) attacks that bypass traditional email security by embedding malicious URLs in QR code images within emails.
Phishing Defense
email-securityimage-analysismobile-securityocr+3
ATT&CK9, 9 mappingsNIST CSF4, 4 mappingsATLAS3, 3 mappingsAI RMF2, 2 mappings
cybersecuritySkill
Spearphishing targets specific individuals using personalized, researched content that bypasses generic spam filters. Email security gateways (SEGs) like Microsoft Defender for Office 365, Proofpoint, Mimecast, and Barracuda provide advanced detection capabilities including behavioral analysis, URL detonation, attachment sandboxing, and impersonation detection. This skill covers configuring these gateways to detect and block targeted phishing attacks.
Phishing Defense
awarenessdmarcemail-gatewayemail-security+3
ATT&CK8, 8 mappingsNIST CSF4, 4 mappings
cybersecuritySkill
Security awareness training is the human layer of phishing defense. An effective anti-phishing training program combines regular simulations, interactive learning modules, metric tracking, and positive reinforcement to build a security-conscious culture. This skill covers designing, deploying, and measuring a comprehensive phishing awareness program using platforms like KnowBe4, Proofpoint Security Awareness, and open-source alternatives.
Phishing Defense
awarenessdmarcemail-securityphishing+3
ATT&CK5, 5 mappingsNIST CSF4, 4 mappings
cybersecuritySkill
SPF, DKIM, and DMARC form the three pillars of email authentication. Together they prevent domain spoofing, validate message integrity, and define policies for handling unauthenticated mail. Proper implementation drastically reduces phishing attacks that impersonate your organization's domain.
Phishing Defense
awarenessdkimdmarcdns+4
ATT&CK6, 6 mappingsNIST CSF4, 4 mappings
cybersecuritySkill
Email sandboxing detonates suspicious attachments and URLs in isolated environments to detect zero-day malware and evasive phishing payloads. Proofpoint Targeted Attack Protection (TAP) is an industry-leading solution that uses multi-stage sandboxing, URL rewriting, and predictive analysis. This skill covers configuring Proofpoint TAP, integrating with email flow, analyzing sandbox reports, and tuning detection policies.
Phishing Defense
awarenessdmarcemail-securityphishing+3
ATT&CK9, 9 mappingsNIST CSF4, 4 mappings
cybersecuritySkill
Configure Google Workspace advanced phishing and malware protection settings including pre-delivery scanning, attachment protection, spoofing detection, and Enhanced Safe Browsing.
Phishing Defense
admin-consoleanti-spoofingemail-securitygmail+3
ATT&CK9, 9 mappingsNIST CSF4, 4 mappings
cybersecuritySkill
Deploy Mimecast Targeted Threat Protection including URL Protect, Attachment Protect, Impersonation Protect, and Internal Email Protect to defend against advanced phishing and spearphishing attacks.
Phishing Defense
attachment-sandboxingemail-securityimpersonationmimecast+3
ATT&CK9, 9 mappingsNIST CSF4, 4 mappings
cybersecuritySkill
Deploy and configure Proofpoint Email Protection as a secure email gateway to detect and block phishing, malware, BEC, and spam before messages reach user inboxes.
Phishing Defense
anti-malwareanti-spambecemail-filtering+4
ATT&CK9, 9 mappingsNIST CSF4, 4 mappings
cybersecuritySkill
Detect and respond to Adversary-in-the-Middle (AiTM) phishing attacks that use reverse proxy kits like EvilProxy, Evilginx, and Tycoon 2FA to bypass MFA and steal session tokens.
Phishing Defense
aitmcredential-theftevilginxevilproxy+4
ATT&CK11, 11 mappingsNIST CSF4, 4 mappings
cybersecuritySkill
Execute a phased DMARC rollout from p=none monitoring through p=quarantine to p=reject enforcement, ensuring all legitimate email sources are authenticated before blocking unauthorized senders.
Phishing Defense
anti-spoofingdkimdmarcdns+4
ATT&CK8, 8 mappingsNIST CSF4, 4 mappings
cybersecuritySkill
GoPhish is an open-source phishing simulation framework used by security teams to conduct authorized phishing awareness campaigns. It provides campaign management, email template creation, landing page cloning, and comprehensive reporting. This skill covers deploying GoPhish, creating realistic phishing scenarios, and analyzing campaign results to measure and improve organizational resilience.
Phishing Defense
awarenessdmarcemail-securitygophish+3
ATT&CK8, 8 mappingsNIST CSF4, 4 mappings