Analyst: Onaopemipo David Olugbemiro
Role: SOC Analyst Consultant
Report Type: Advanced Phishing Email Analysis (SOC Project)
Target Industry: Healthcare (VitalCare Health Solutions)
This project is a 10-day phishing email investigation and executive report developed as part of my cybersecurity analyst training.
It provides technical and executive-level analysis of a targeted phishing attempt against VitalCare Health Solutions, including header inspection, BEC analysis, authentication checks, attachment & URL analysis, and Indicators of Compromise (IoCs).
Key Deliverables:
- Technical phishing email analysis (header, SPF/DKIM/DMARC checks).
- Business Email Compromise (BEC) indicator assessment.
- Attachment and URL forensic analysis.
- Threat intelligence report with Indicators of Compromise (IoCs).
- Executive Report for top stakeholders.
| Tool / Technique | Purpose |
|---|---|
| MX TOOLBOX | Email authentication & spoofing detection |
| Header Analysis | Trace sender IP, Return-Path anomalies |
| Base64 Decoding | Malicious attachment inspection |
| VirusTotal & URLScan | URL and domain reputation analysis |
| Threat Intel Reporting | IOC extraction and documentation |
-
Authentication Failures
- SPF, DKIM, and DMARC all failed.
- Spoofed sender:
[email protected].
-
Suspicious Infrastructure
- Email sent from private IP
192.168.1.1(not routable for email). - Malicious domain
secure-vitalcare-login.comused for credential harvesting.
- Email sent from private IP
-
Social Engineering Indicators (BEC)
- Impersonation of internal security team.
- Subject line: “Urgent: Immediate Action Required”.
- Use of urgency + authority tactics to trick recipients.
Severity: High
If successful, this phishing attack could have resulted in:
- Credential Theft → Unauthorized access to patient records.
- Malware Infection → Ransomware or trojans delivered via attachment.
- Regulatory Breach → HIPAA non-compliance and NDPR/GDPR fines.
- Reputation Loss → Patient and partner trust erosion.
Immediate Actions:
- Quarantine email and block related domains/IPs.
- Alert staff about the phishing attempt.
Preventive Measures:
- Enforce strict SPF, DKIM, and DMARC reject policies.
- Deploy advanced email filtering and sandboxing.
- Conduct regular phishing awareness training and simulations.
Long-Term Enhancements:
- Strengthen SOC incident response playbooks.
- Implement continuous threat intelligence monitoring.
- Improve cloud email security baselines.
Through this project, I gained hands-on experience in:
- Phishing email forensic analysis (headers, attachments, URLs).
- Business Email Compromise (BEC) detection.
- IOC extraction and threat reporting.
- Executive-level security communication for stakeholders.
- Developing actionable security recommendations.
If you're a recruiter, SOC manager, or cybersecurity enthusiast, feel free to connect with me: