Analyze suspicious emails, messages, and links for phishing indicators. Use when the user asks "is this email real?", shares a suspicious link, or wants to verify a message's legitimacy.
Analyze suspicious communications for phishing, social engineering, and scam indicators.
- [email protected] vs [email protected]

| Flag | Example |
|---|---|
| Manufactured urgency | "Your account will be suspended in 24 hours" |
| Threat of loss | "You will lose access to all your files" |
| Too-good-to-be-true | "You've won $10,000! Claim now" |
| Request for credentials | "Please verify your password" |
| Request for payment | "Wire $500 to resolve this issue" |
| Unusual request from authority | "CEO" asking for gift cards via email |
| Grammar/spelling errors | Professional organizations don't send sloppy emails |
| Generic greeting | "Dear Customer" instead of your name |
| Mismatched tone | A "bank" email that reads like a text message |
- paypaI.com with uppercase I instead of lowercase l
- gooogle.com, micr0soft.com
- .xyz, .top, .buzz for a supposed bank
- apple.com.verify-account.xyz
- .exe, .scr, .js, .vbs, .html
- invoice.pdf.exe
- URGENT_invoice.pdf

## Phishing Analysis
### Sender
- Email: [actual sender address]
- Display name: [what the user sees]
- Domain check: [legitimate / suspicious / spoofed]
### Content Indicators
- [List each flag found, or "none detected"]
### Links Found
- Displayed: [what the user sees]
- Actual: [where it really goes]
- Domain age: [if checkable]
- Verdict: [safe / suspicious / malicious]
### Verdict: [Legitimate / Suspicious / Phishing]
**Confidence:** [High / Medium / Low]
**Reasoning:** [Specific evidence for the verdict]
### Recommended Action
- [What the user should do]

| Type | How It Works | Key Indicator |
|---|---|---|
| Credential harvesting | Fake login page mimicking a real service | URL doesn't match the real service domain |
| BEC (Business Email Compromise) | Impersonating a colleague or executive | Unusual request + slightly off email address |
| Invoice fraud | Fake invoice with attacker's bank details | Unexpected invoice, different bank details than usual |
| Smishing | SMS with malicious link | Short URL + urgency + from unknown number |
| Spear phishing | Targeted attack using personal details | Very convincing but asks for something unusual |
| Clone phishing | Copy of a real email with malicious link swapped in | Almost identical to a real email you received before |
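
The link and attachment indicators listed above (look-alike characters, repeated letters, unusual TLDs, a brand name used as a subdomain, double extensions, displayed versus actual link target) can be checked mechanically. The following is an added example, not part of the original skill; the function names are hypothetical, and the brand, TLD and extension lists are assumptions built only from the examples on this page.

```python
import re
from urllib.parse import urlsplit

# Lists taken from this page's examples; real use needs fuller ones (assumption).
BRANDS = ("paypal.com", "google.com", "microsoft.com", "apple.com")
RISKY_TLDS = {"xyz", "top", "buzz"}
RISKY_EXTS = {"exe", "scr", "js", "vbs", "html"}
# Folded before lowercasing, so an uppercase "I" posing as "l" is caught.
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "I": "l"})

def host_of(url):
    """Host as written (case preserved), without userinfo or port."""
    netloc = urlsplit(url if "//" in url else "//" + url).netloc
    return netloc.rsplit("@", 1)[-1].split(":")[0].rstrip(".")

def registrable(host):
    """Naive last-two-labels domain; a public-suffix list is more accurate."""
    return ".".join(host.lower().split(".")[-2:])

def skeleton(label):
    """Fold look-alike characters, lowercase, collapse repeated characters."""
    return re.sub(r"(.)\1+", r"\1", label.translate(LOOKALIKES).lower())

def host_flags(host):
    if registrable(host) in BRANDS:
        return []  # exact match on a known domain
    labels, flags = host.split("."), []
    for brand in BRANDS:
        if skeleton(labels[-2 if len(labels) > 1 else 0]) == skeleton(brand.split(".")[0]):
            flags.append(f"look-alike of {brand}")
        if f".{brand}." in f".{host.lower()}":
            flags.append(f"{brand} used as subdomain")
    if labels[-1].lower() in RISKY_TLDS:
        flags.append("unusual TLD")
    return flags

def link_flags(displayed, actual):
    """Compare the text the user sees with where the link really goes."""
    target, shown = host_of(actual), host_of(displayed.strip())
    flags = host_flags(target)
    looks_like_host = re.fullmatch(r"[\w-]+(\.[\w-]+)+", shown)
    if looks_like_host and registrable(shown) != registrable(target):
        flags.insert(0, "displayed text and target differ")
    return flags

def attachment_flags(filename):
    """Flag executable/script extensions; naive split on dots."""
    parts = filename.lower().split(".")
    if len(parts) < 2 or parts[-1] not in RISKY_EXTS:
        return []
    return ["double extension"] if len(parts) > 2 else ["risky extension"]
```

An empty list means only that none of these specific checks fired; it is not a verdict that the link or file is safe.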