Playbooks-Mitigation of Phishing Campaigns
https://www.demisto.com/phishing-incident-response-playbook/
Name
Institutional Affiliation
Date of Submission
PLAYBOOK 2
Introduction
also increase. However, understanding these potentially crippling threats and protecting computer systems from them is becoming steadily more challenging. Every organization is therefore trying to protect itself against any possible attack, for instance adware.
as well as recovering from cyber security incidents (Szymanski, 2009). This article therefore discusses the “Phishing Incident Response Playbook”, focusing on a fictional company
This virtual company handles credit card, Apple Pay and Bitcoin payments. It also operates a large data warehouse and therefore gathers very sensitive customer data. Customer and credit card data are thus the company’s most valuable assets. The greatest threat to the organization’s most valuable data has been identified as data theft enabled by social engineering (e-mail
Objective Statement
This playbook provides instructions for handling end-user-reported phishing campaigns against Royal Acacia employees. Its goal is to prevent the introduction of backdoors into the company infrastructure, which could lead to data theft.
The process will therefore help in lowering the success rate of the phishing campaign though
Phishing is a type of social engineering attack typically used to steal user data such as login credentials and credit card numbers. It usually happens when an attacker, masquerading as a trusted entity, dupes the victim into opening an email. The victim is then deceived into clicking a malicious link, which results in the installation of malware, the freezing of the system or the disclosure of sensitive data (Mitra, 2019). Since the virtual company handles credit card, Apple Pay and Bitcoin payments as well as sensitive customer data, a successful phishing email could lead to all of this crucial information being stolen, distorted, destroyed or disclosed. The article therefore tries to
The main attack vector in this case is email phishing. The vulnerability exploited in this incident is the exposure of the credit card data and the sensitive customer data, since the virtual company handles credit card, Apple Pay and Bitcoin payments as well as sensitive customer data (Mitra, 2019).
Theft of customers’ credit card details, which the attackers can use to withdraw money from the account or to make online transactions with the victim’s money.
Since the incident will already have been confirmed to be a phishing email, the first step may be to alert the company’s employees by warning the end-users of
Sending the template to the company’s internal PR while at the same time informing the
Contacting the company’s IT department and requesting that they block all incoming emails based on a
This is achieved by sending the original email to the organization’s IT department so that they can be
This is then followed by checking the SMTP logs to see whether a similar email has been
This is then followed by engaging IT to help remove similar emails from the
Going to https://splunk.royalacacia.com
Searching for the sender email address from the original phish
Contacting IT so that they can help remove the phishes from the affected
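The SMTP-log check and the Splunk search above both come down to the same triage question: which other mailboxes received the same campaign, so that IT knows what to pull. The following Python script is an added example and is not part of the playbook; it uses a constructed, simplified log-line format (timestamp, queue id, sender, recipient, subject) rather than any real MTA's log format, and the internal domain `royalacacia.example`, the sender addresses and the subject lines are all made up for the illustration. It matches on the reported sender, the sender's domain and a normalised subject, and deliberately skips messages sent from the internal domain so that the reporting user's own forward of the phish to the helpdesk is not counted as another copy of the phish.

```python
import re
from collections import defaultdict
from typing import Dict, Iterable, List, Tuple

# Constructed, simplified log line format for this example (not a real MTA format):
#   <timestamp> id=<queue-id> from=<addr> to=<addr> subject="<subject>"
LOG_RE = re.compile(
    r'^(?P<ts>\S+) id=(?P<qid>\S+) from=<(?P<sender>[^>]*)> '
    r'to=<(?P<rcpt>[^>]*)> subject="(?P<subject>[^"]*)"$'
)

# Constructed sample log. q5 is the reporting user forwarding the phish to the
# helpdesk; it shares the subject but must not be treated as another phish.
SAMPLE_LOG = """\
2024-03-01T09:12:03Z id=q1 from=<billing@royal-acacia-pay.example> to=<alice@royalacacia.example> subject="Urgent: verify your payroll details"
2024-03-01T09:12:05Z id=q2 from=<billing@royal-acacia-pay.example> to=<bob@royalacacia.example> subject="Urgent: verify your payroll details"
2024-03-01T09:13:10Z id=q3 from=<news@vendor.example> to=<carol@royalacacia.example> subject="March newsletter"
2024-03-01T09:15:44Z id=q4 from=<hr@royal-acacia-pay.example> to=<dave@royalacacia.example> subject="RE: Urgent: verify your payroll details"
2024-03-01T09:20:00Z id=q5 from=<alice@royalacacia.example> to=<helpdesk@royalacacia.example> subject="FW: Urgent: verify your payroll details"
"""


class MailEvent(NamedTuple := tuple):  # placeholder replaced below
    pass


from typing import NamedTuple  # noqa: E402


class MailEvent(NamedTuple):  # type: ignore[no-redef]
    ts: str
    qid: str
    sender: str
    rcpt: str
    subject: str


def parse_log(lines: Iterable[str]) -> List[MailEvent]:
    """Parse the constructed log format; lines that do not match are skipped."""
    events = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        m = LOG_RE.match(line)
        if m is None:
            continue
        events.append(MailEvent(**m.groupdict()))
    return events


_PREFIX_RE = re.compile(r'^\s*(?:(?:re|fw|fwd)\s*:\s*)+', re.IGNORECASE)


def normalise_subject(subject: str) -> str:
    """Drop reply/forward prefixes, case and extra spaces so variants compare equal."""
    return re.sub(r'\s+', ' ', _PREFIX_RE.sub('', subject)).strip().lower()


def find_related(events: Iterable[MailEvent], reported_sender: str,
                 reported_subject: str, internal_domain: str) -> List[Tuple[MailEvent, str]]:
    """Return (event, reason) pairs for messages that look like the same campaign."""
    sender_domain = reported_sender.rsplit('@', 1)[-1].lower()
    wanted_subject = normalise_subject(reported_subject)
    related = []
    for ev in events:
        ev_domain = ev.sender.rsplit('@', 1)[-1].lower()
        if ev_domain == internal_domain.lower():
            continue  # internal senders: the report/forward itself, not a phish
        if ev.sender.lower() == reported_sender.lower():
            reason = 'same sender'
        elif ev_domain == sender_domain:
            reason = 'same sender domain'
        elif normalise_subject(ev.subject) == wanted_subject:
            reason = 'same subject'
        else:
            continue
        related.append((ev, reason))
    return related


def affected_mailboxes(related: Iterable[Tuple[MailEvent, str]]) -> Dict[str, List[str]]:
    """Map each recipient to the queue ids IT should remove from that mailbox."""
    out = defaultdict(list)
    for ev, _ in related:
        out[ev.rcpt].append(ev.qid)
    return dict(out)


if __name__ == '__main__':
    evs = parse_log(SAMPLE_LOG.splitlines())
    rel = find_related(evs, 'billing@royal-acacia-pay.example',
                       'Urgent: verify your payroll details', 'royalacacia.example')
    for ev, reason in rel:
        print(f"{ev.qid} {ev.sender} -> {ev.rcpt}: {reason}")
    print(affected_mailboxes(rel))
```

The output of `affected_mailboxes` is the list handed to IT for the removal step; the `reason` field is kept so the analyst can see why each message was pulled in, since a subject-only match is weaker evidence than a sender match.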
References