SOC Analyst – Phishing Email Investigation
Suspicious Invoice Header Triage
Analyze a suspicious invoice email, identify the spoofing clues, and justify the response like a real analyst.
beginner · 30 min · 50 pts
Instructions
Open the live workbench
Use the runtime panel to inspect the rendered evidence page, then download the .eml if you want to validate the raw message yourself.
Triaging headers
Compare the visible sender to the underlying path the message took. Identify the first clue that says this is not normal vendor mail.
Make the analyst call
Decide whether the message should be delivered, quarantined, or escalated. Your answer should reflect the evidence, not just suspicion.
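The header comparison described above can be scripted against a raw message. The following is an added example, not part of the lab or its .eml: the sample message, its domains, and the helper names (domain_of, relay_hosts, triage) are constructed for illustration, and the deliver/quarantine rule is a simplifying assumption rather than the lab's answer.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not the lab's .eml); all domains are placeholders.
SAMPLE_EML = """\
Return-Path: <bounce@mailer.example.net>
Received: from mail.example.net (mail.example.net [203.0.113.45])
 by mx.corp.example with ESMTP; Tue, 02 Jan 2024 09:14:07 +0000
Authentication-Results: mx.corp.example;
 spf=fail smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=vendor.example
From: "Vendor Billing" <billing@vendor.example>
Reply-To: accounts@vendor-pay.example
To: ap@corp.example
Subject: Invoice 1042 overdue

Please see the attached invoice.
"""

def domain_of(header_value):
    """Return the lowercased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def relay_hosts(raw):
    """Hosts named after 'from' in each Received header, newest hop first."""
    msg = message_from_string(raw)
    return [h.split()[1] for h in msg.get_all("Received", []) if h.startswith("from ")]

def triage(raw):
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    findings = []
    # Strict comparison (assumption): envelope and reply domains must equal the visible From domain.
    for name in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[name])
        if dom and dom != from_dom:
            findings.append(f"{name} domain {dom} != From domain {from_dom}")
    # Authentication-Results is stamped by the receiving MTA; unfold it and read each verdict.
    auth = " ".join((msg["Authentication-Results"] or "").split()).lower()
    for part in (p.strip() for p in auth.split(";")):
        mech, _, rest = part.partition("=")
        if mech in ("spf", "dkim", "dmarc") and rest.split()[0] != "pass":
            findings.append(f"{mech}={rest.split()[0]}")
    # Simplified rule (assumption): any finding means hold the message for review.
    return ("quarantine" if findings else "deliver"), findings
```

Each finding is a line of evidence to cite in the analyst call; whether a held message is quarantined or escalated depends on the playbook in use.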