Dissecting Targeted and Mass Phishing

I investigate phishing reports end-to-end: email header inspection, sender authentication review, URL and attachment detonation, and identification of the malicious infrastructure behind targeted and mass campaigns.

Findings feed directly into containment—blocking infrastructure, hunting for impacted users, and validating that no follow-on activity slipped through the gap.

Each investigation closes the loop with detection improvements and user-facing context, so the same lure does not succeed twice.