NeoShield Security logo NeoShield Security Quantum X

// sample report

Phishing Email Analysis — Sample Report

This is a sample report — an illustrative example for evaluation only. It does not describe any specific customer or system.

Example scenario

An employee forwards a suspicious "account verification" email to the security inbox for a verdict.

Executive summary

The message is assessed as likely phishing. The sender domain is a look-alike of the brand, the reply-to differs from the display name, and the call-to-action link uses a homograph domain behind a URL shortener. Recommended action: do not click, report, and block the sender domain.

Findings

IDFindingSeverityMapping
PH-01 Look-alike sender domain High MITRE ATT&CK T1566.002 · NIST AT-2
PH-02 Reply-To mismatch Medium MITRE ATT&CK T1566 · NIST SI-8
PH-03 Homograph link behind a shortener High MITRE ATT&CK T1566.002 · CWE-1007 · NIST IA-2

Details

PH-01 · Look-alike sender domain

High

Evidence. Display name shows the brand while the envelope domain is a near-identical look-alike registered recently.

Risk. Recipients may trust the familiar display name and act on the request.

Defensive countermeasure. Block the sending domain, warn staff, and enforce DMARC (reject) so spoofing is harder.

MITRE ATT&CK T1566.002 · NIST AT-2

PH-02 · Reply-To mismatch

Medium

Evidence. Reply-To address points to a free webmail account unrelated to the claimed sender.

Risk. Replies and any shared data would reach the attacker rather than the brand.

Defensive countermeasure. Flag Reply-To mismatches at the gateway; coach staff to verify via a known channel.

MITRE ATT&CK T1566 · NIST SI-8

PH-03 · Homograph link behind a shortener

High

Evidence. The button resolves through a shortener to a homograph domain imitating the login page.

Risk. Credential theft if the recipient signs in on the fake page.

Defensive countermeasure. Detonate links in a sandbox, block the destination, and enable phishing-resistant MFA.

MITRE ATT&CK T1566.002 · CWE-1007 · NIST IA-2

Related NeoShield tool

Open Phishing Analyzer →

Defensive use only. This platform is for defensive and authorized security work only. Do not scan, test, or analyze systems you do not own or have explicit permission to assess. Sample reports never include offensive exploit steps.