- Understanding the importance of being able to identify phishing emails.
- Review selected emails and report your findings on whether each is safe or malicious.
You have been allocated a number of emails to investigate. Your job is to identify whether the emails are malicious or safe.
If you identify malicious content within the emails, you will need to write a brief report detailing why it is malicious.
Phishing is when someone attempts to fraudulently obtain your personal information and security credentials via an electronic message that impersonates a trustworthy entity. The message will often instruct you to follow a link and then enter your personal information.
To confirm that a website is a safe and genuine ANZ page, make sure that you are on a secure website by checking that it has a Secure Sockets Layer (SSL) Certificate. To check that you are on a site with an SSL Certificate:
→ Check the address bar of your browser to see if ANZ's website address has changed from http:// to https://
→ Check to see if a security icon that looks like a lock or a key is visible near the address bar on any page that you need to enter your security credentials. Clicking on the icon will provide you with more information about ANZ's SSL Certificate.
To minimise your chances of becoming a victim of a phishing scam:
→ Treat all emails that request your personal information or security credentials with caution. ANZ will not send you an email asking for your personal information or your security credentials.
→ If you use a password to access your online accounts, change it on a regular basis.
→ Keep your anti-virus and firewalls up-to-date and perform regular scans of your computer.
If you are unsure whether an email is really from ANZ, contact the Customer Service Centre before following any instructions or clicking on any links contained in the email.
You have been assigned 7 emails to investigate. Some of these emails may contain content which can be classed as malicious for a number of reasons. They may contain malicious attachments, suspicious links, or phishing attempts to gather private account information from the user.
You are expected to report your findings on each email, so that we can either block or release these emails to the users.
Please download the 'Emails to Investigate' pdf below to view the emails and then use the Answer Template to record your findings.
- Review the emails in the 'Emails to Investigate' PDF.
- Emails to Investigate
- Use the Answer Template to record your findings.
- Submit your findings to the SOC Manager.
- Investigate suspicious network activity coming from a user on the network.
- Examine a packet capture file containing a user's network activity.
- Produce a report identifying any artifacts the user may have accessed.
Suspicious network activity has been detected coming from a user on the ANZ network.
A laptop has been flagged up on our security systems due to suspicious internet traffic, and we need you to investigate the network traffic in order to establish what the user accessed and downloaded.
Your task is to examine their network activity and gather what information you can on what images they viewed and what files they accessed.
You have been provided with a packet capture file (pcap) containing all their recent network activity. There may be a number of artifacts contained within the packet capture file, and you will be expected to identify and report as many as possible.
You must provide a report on everything you found, and document what processes / steps you followed to achieve this.
- Download the packet capture file below.
- Download HxD (hex editor)
- Open the pcap file
- Examine the packet capture file to identify any artifacts the user accessed.
- Review the Task 2 Answer Template to record your findings.
- Review the Task 2 - Tips & Hints for guidance on how to approach this task.
- Submit your findings to the SOC Manager.
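The steps above leave the examination of the capture to the analyst. The following is an added example, not part of the original task material, of one way to locate candidate artifacts before opening the file in the hex editor: it walks the packet records of a classic pcap file and reports the file offset of every known file signature. It assumes a classic pcap (not pcapng) and unencrypted transfers; the function names and the sample capture are constructed for illustration.

```python
import struct

# Magic bytes an analyst would otherwise search for by hand in a hex editor.
SIGNATURES = {
    b"\xff\xd8\xff": "JPEG image",
    b"\x89PNG\r\n\x1a\n": "PNG image",
    b"%PDF-": "PDF document",
}

def iter_packets(data):
    """Yield (packet_no, file_offset, packet_bytes) for each record in a classic pcap."""
    byte_order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if byte_order is None:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    offset, number = 24, 0  # records start after the 24-byte global header
    while offset + 16 <= len(data):
        # Record header: ts_sec, ts_usec, captured length, original length
        _, _, incl_len, _ = struct.unpack_from(byte_order + "IIII", data, offset)
        offset += 16
        if offset + incl_len > len(data):  # truncated capture
            break
        number += 1
        yield number, offset, data[offset:offset + incl_len]
        offset += incl_len

def find_artifacts(data):
    """Return (packet_no, file_offset, label) for every signature hit, by offset."""
    hits = []
    for number, base, packet in iter_packets(data):
        for sig, label in SIGNATURES.items():
            pos = packet.find(sig)
            while pos != -1:
                hits.append((number, base + pos, label))
                pos = packet.find(sig, pos + 1)
    return sorted(hits, key=lambda h: h[1])

def build_sample_pcap():
    """Constructed three-packet capture, used only to exercise the scanner."""
    hdr = b"\x00" * 54  # stand-in for Ethernet/IP/TCP headers
    ok = b"HTTP/1.1 200 OK\r\n\r\n"
    payloads = [hdr + b"GET /a.jpg HTTP/1.1\r\n\r\n",
                hdr + ok + b"\xff\xd8\xff\xe0\x00\x10JFIF",
                hdr + ok + b"%PDF-1.4\n"]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for p in payloads:
        out += struct.pack("<IIII", 0, 0, len(p), len(p)) + p
    return out

if __name__ == "__main__":
    for number, offset, label in find_artifacts(build_sample_pcap()):
        print(f"packet {number}  offset 0x{offset:08X}  {label}")
```

Each reported offset is a position in the pcap file itself, so it can be used to jump straight to the start of the artifact in the hex editor. A file larger than one packet is split across several records, so the hit marks where it begins rather than a contiguous copy of it.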