Sample PhishCheck Analysis Report
Example of a comprehensive email threat analysis from PhishCheck
PHISHING DETECTEDAnalysis completed in 28 seconds
⚠️ DO NOT interact with this email
This email is a credential harvesting attack impersonating Microsoft. Delete immediately and do not click any links or download attachments.
Email Summary
Microsoft Security <noreply@secure-microsoft-alerts.com>
support@secure-microsoft-alerts.com
[ACTION REQUIRED] Verify your Microsoft account within 24 hours
2026-01-01 14:23:17 EST
Critical Findings
Fake Microsoft Login Page Detected
Link redirects to credential harvesting site designed to steal usernames and passwords. Page mimics Microsoft login but hosted on suspicious domain.
Domain Impersonation
Sender domain "secure-microsoft-alerts.com" is not owned by Microsoft. Registered 3 days ago using privacy protection service.
Authentication Failures
SPF: FAIL - Sending server not authorized by domain owner
DKIM: MISSING - No cryptographic signature present
DMARC: FAIL - Domain policy violated
Urgency Tactics
Email uses fear-based language ("ACTION REQUIRED", "within 24 hours") to pressure immediate action without verification.
Link Analysis (3 links found)
Malicious Link #1
https://microsoft-account-verify[.]tk/login?ref=email&id=a8f3k2
Display Text: "Verify Your Account Now"
Landing Page: Fake Microsoft login form
Risk: Credential harvesting (steals usernames/passwords)
Domain Age: 3 days old
SSL Certificate: Self-signed (not trusted)
Malicious Link #2
https://bit[.]ly/ms-account-security
Display Text: "Learn More About Account Security"
URL Shortener: Redirects to same credential harvesting site
Risk: Obscures true destination
Unsubscribe Link (Safe)
https://secure-microsoft-alerts[.]com/unsubscribe
Status: No immediate threat detected
Note: Still on suspicious domain - do not click
Attachment Analysis (No attachments)
This email contained no attachments. Phishing emails may include malicious attachments containing malware, ransomware, or macro viruses.
Brand Impersonation Detection
Microsoft Brand Impersonation Detected
- Email claims to be from "Microsoft Security"
- Uses Microsoft logo and branding elements
- Domain does NOT belong to Microsoft Corporation
- Legitimate Microsoft security alerts come from @microsoft.com or @account.microsoft.com
Technical Authentication Details
SPF (Sender Policy Framework)
Sending server IP: 45.142.212.67 (Bulgaria)
Not authorized by domain "secure-microsoft-alerts.com"
DKIM (DomainKeys Identified Mail)
No DKIM signature found - email integrity cannot be verified
DMARC (Domain-based Message Authentication)
Domain policy: p=reject (should be blocked)
Neither SPF nor DKIM aligned with From address
Transport Security
Email transmitted with TLS encryption between some servers, but originated from insecure source
Recommended Actions
- Delete this email immediately - Do not click any links or download attachments
- Report as phishing to your email provider (Gmail, Outlook, etc.)
- Verify directly - If concerned about your Microsoft account, visit account.microsoft.com directly (type URL, don't click links)
- Enable two-factor authentication (2FA) on your Microsoft account for additional security
- Check for similar emails - Search inbox for other messages from this sender
- Educate others - Forward this analysis to your IT/security team if this is a work email
How PhishCheck Analyzed This Email
PhishCheck performed a comprehensive 28-second analysis that went far beyond what email headers can reveal:
- Link Following: Clicked all 3 links and analyzed landing pages
- Credential Harvesting Detection: Identified fake login forms designed to steal passwords
- Brand Analysis: Detected Microsoft impersonation using visual similarity matching
- Domain Intelligence: Checked domain age, registration, and reputation
- Authentication Verification: Validated SPF, DKIM, and DMARC records
- Attachment Scanning: Checked for malware, viruses, and ransomware (none found)
- Social Engineering Analysis: Detected urgency tactics and fear-based language
HeaderScope vs. PhishCheck
HeaderScope analyzes email headers for authentication and routing information. PhishCheck goes further by following links, detecting fake login pages, scanning attachments for malware, and identifying brand impersonation - providing a complete 30-second threat analysis.