Suspicious Email Analyzer by claude-office-skills/skills
npx skills add https://github.com/claude-office-skills/skills --skill 'Suspicious Email Analyzer'
Analyze emails for phishing attempts, scams, and security threats to protect against fraud.
This skill helps you:
"Is this email legitimate?"
"Check this email for phishing"
"Analyze this suspicious message"
Include:
## Email Security Assessment
### Sender Analysis
- [ ] **Domain mismatch**: Display name doesn't match email domain
- [ ] **Lookalike domain**: microsoft.corn, amaz0n.com
- [ ] **Free email for business**: Official company using gmail.com
- [ ] **Random characters**: x7y2z@suspicious.com
- [ ] **No reply-to**: Cannot respond to sender
### Content Analysis
- [ ] **Urgency pressure**: "Act NOW", "Account suspended"
- [ ] **Threat language**: "Legal action", "Account closure"
- [ ] **Too good to be true**: Prize winner, inheritance
- [ ] **Generic greeting**: "Dear Customer" vs your name
- [ ] **Grammar/spelling errors**: Unusual mistakes
- [ ] **Requests sensitive info**: Password, SSN, credit card
- [ ] **Unexpected attachment**: Especially .exe, .zip, .docm
### Link Analysis
- [ ] **Hover reveals different URL**: Display vs actual link
- [ ] **Shortened URLs**: bit.ly, tinyurl hiding destination
- [ ] **HTTP (not HTTPS)**: Insecure for sensitive pages
- [ ] **Misspelled domains**: paypa1.com, netlfix.com
- [ ] **IP address URLs**: http://192.168.1.1/login
- [ ] **Excessive subdomains**: secure.login.verify.site.com
### Technical Indicators
- [ ] **Failed or missing authentication**: SPF, DKIM or DMARC result is fail, softfail or none
- [ ] **Unusual sending time**: 3 AM from "local bank"
- [ ] **Bulk email markers**: Mass mail headers present
# Email Security Analysis
## Summary
| Attribute | Value |
|-----------|-------|
| **Threat Level** | 🔴 HIGH / 🟠 MEDIUM / 🟡 LOW / 🟢 SAFE |
| **Confidence** | [X]% |
| **Verdict** | Likely Phishing / Suspicious / Legitimate |
## Sender Analysis
### Email Address
- **Display Name**: PayPal Security Team
- **Actual Address**: security@paypa1-verify.com
- **Status**: 🔴 SUSPICIOUS
### Issues Found
1. ❌ Domain "paypa1-verify.com" is not official PayPal
2. ❌ Uses number "1" instead of letter "l"
3. ❌ Domain registered 3 days ago
## Content Analysis
### Subject: "Urgent: Your Account Has Been Limited"
- 🔴 Uses urgency tactic
- 🔴 Threatening language
### Body Issues
| Issue | Example | Severity |
|-------|---------|----------|
| Generic greeting | "Dear Customer" | 🟡 Medium |
| Urgency | "within 24 hours" | 🔴 High |
| Threat | "account suspended" | 🔴 High |
| Grammar | "Please to verify" | 🟠 Medium |
### Requests Made
- ❌ Asks to click link
- ❌ Requests login credentials
- ❌ Asks for personal information
## Link Analysis
### Link Found
- **Display**: "Verify Your Account"
- **Actual URL**: http://paypa1-verify.com/login
- **Status**: 🔴 DANGEROUS
### URL Issues
1. ❌ Domain is not paypal.com
2. ❌ Uses HTTP (insecure)
3. ❌ Suspicious path mimics login
## Conclusion
### Verdict: 🔴 PHISHING ATTEMPT
This email shows multiple indicators of a phishing attack:
1. Fake sender domain mimicking PayPal
2. Urgency and threat tactics
3. Link to fraudulent website
4. Request for login credentials
### Recommended Actions
1. ✅ Do NOT click any links
2. ✅ Do NOT reply to this email
3. ✅ Report to phishing@paypal.com
4. ✅ Delete the email
5. ✅ If clicked link, change password immediately
## Phishing Attack Types
### 1. Credential Phishing
**Goal**: Steal login credentials
**Pretends to be**: Banks, email providers, social media
**Tactics**: Fake login pages, urgent account issues
**Example**: "Your account password expires today"
### 2. CEO/Business Email Compromise
**Goal**: Wire transfer fraud
**Pretends to be**: Executive, vendor, partner
**Tactics**: Urgency, authority, secrecy
**Example**: "Please wire $50K for urgent deal, keep confidential"
### 3. Technical Support Scam
**Goal**: Remote access or payment
**Pretends to be**: Microsoft, Apple, ISP
**Tactics**: Fake virus alerts, account compromise
**Example**: "We detected virus on your computer, call now"
### 4. Invoice/Payment Scam
**Goal**: Payment to fraudulent account
**Pretends to be**: Vendor, client, internal
**Tactics**: Fake invoices, changed bank details
**Example**: "Updated bank account for invoice payment"
### 5. Package Delivery Scam
**Goal**: Credentials or malware
**Pretends to be**: FedEx, UPS, USPS, DHL
**Tactics**: Failed delivery, tracking issues
**Example**: "Package could not be delivered, click to reschedule"
### 6. Tax/Government Scam
**Goal**: Personal info or payment
**Pretends to be**: IRS, SSA, government agency
**Tactics**: Legal threats, refund promises
**Example**: "IRS Notice: Immediate action required"
## How to Spot the Difference
### Banking Email Example
| Aspect | Legitimate | Phishing |
|--------|------------|----------|
| From | alerts@chase.com | chase-alert@gmail.com |
| Greeting | "Hi John Smith" | "Dear Customer" |
| Urgency | "Review when convenient" | "IMMEDIATE ACTION REQUIRED" |
| Links | Links to chase.com | Links to chase-verify.com |
| Action | "Log in to your account" | "Enter password here" |
| Tone | Professional, calm | Threatening, urgent |
| Personalization | Account ending 4532 | No specifics |
## Response Protocol
### If Email is SUSPICIOUS (🔴🟠)
1. ❌ Do NOT click links
2. ❌ Do NOT download attachments
3. ❌ Do NOT reply
4. ❌ Do NOT call numbers in email
5. ✅ Verify through official channels
- Go to official website directly (type URL)
- Call known customer service number
6. ✅ Report the email
- Forward to IT security
- Report to company being impersonated
7. ✅ Delete the email
### If You Already Clicked
1. ✅ Disconnect from internet (if malware suspected)
2. ✅ Change passwords immediately
3. ✅ Enable 2-factor authentication
4. ✅ Monitor accounts for suspicious activity
5. ✅ Run antivirus scan
6. ✅ Report to IT department
7. ✅ Consider credit monitoring if financial info shared
### Reporting Channels
- **Generic phishing**: reportphishing@apwg.org
- **IRS scams**: phishing@irs.gov
- **FTC**: reportfraud.ftc.gov
- **Company specific**: Usually phishing@company.com
## Email Header Deep Dive
### Key Headers to Review
| Header | What It Shows |
|--------|---------------|
| From | Displayed sender |
| Return-Path | Actual reply address |
| Received | Server path (bottom = origin) |
| SPF | Sender authorized? |
| DKIM | Signature valid? |
| DMARC | Policy result |
### Authentication Results
| Result | Meaning |
|--------|---------|
| pass | Legitimate |
| fail | Likely spoofed |
| softfail | Possibly spoofed |
| none | No policy set |
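As an added example (not code from the skill or the claude-office-skills repository), the Python below implements the checklist's sender, authentication-result and link checks over a constructed raw message modelled on the PayPal case above, so it serves both the Email Security Assessment checklist and the header tables in this section. The brand list, the confusable-character substitutions, the severity mapping and every host and address in the sample are assumptions made for the example.

```python
"""Phishing indicator checks over a raw email (added example; not the skill's own code)."""
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed brand list for the example; tune it to the organisation being protected.
PROTECTED_DOMAINS = ["paypal.com", "microsoft.com", "amazon.com", "chase.com"]
# Look-alike substitutions undone before a host is compared with a brand name.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]

# Constructed sample modelled on the PayPal case above; every host and address is made up.
RAW_EMAIL = b"""\
Return-Path: <bounce@mailer-x7y2z.example>
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=mailer-x7y2z.example;
 dkim=none; dmarc=fail header.from=paypa1-verify.com
From: PayPal Security Team <security@paypa1-verify.com>
Subject: Urgent: Your Account Has Been Limited
Content-Type: text/html; charset=utf-8

<p>Dear Customer, please <a href="http://paypa1-verify.com/login">Verify Your Account</a>
within 24 hours, or sign in at <a href="http://paypa1-verify.com/login">https://www.paypal.com/signin</a>.</p>
"""

def is_own_domain(host, brand):
    return host == brand or host.endswith("." + brand)

def lookalike_of(host):
    """Return the protected domain `host` imitates, or None if it is that domain or unrelated."""
    host = host.lower()
    folded = host
    for bad, good in CONFUSABLES:
        folded = folded.replace(bad, good)
    for brand in PROTECTED_DOMAINS:
        if is_own_domain(host, brand):
            return None  # the brand's real domain or one of its subdomains
        if brand.split(".")[0] in folded:
            return brand
    return None

def check_url(href, text=""):
    """Link Analysis checks for one anchor; returns (severity, message) pairs."""
    u, out = urlparse(href), []
    host = (u.hostname or "").lower()
    if u.scheme == "http":
        out.append(("HIGH", f"HTTP (not HTTPS) link: {href}"))
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        out.append(("HIGH", f"IP address URL: {href}"))
    if host.count(".") >= 4:
        out.append(("MEDIUM", f"Excessive subdomains: {host}"))
    if lookalike_of(host):
        out.append(("HIGH", f"Look-alike domain {host} imitates {lookalike_of(host)}"))
    # "Hover reveals different URL": the visible text names a host other than the real target
    shown = re.search(r"([a-z0-9.-]+\.[a-z]{2,})", text.lower())
    if shown and not (is_own_domain(host, shown.group(1)) or is_own_domain(shown.group(1), host)):
        out.append(("HIGH", f"Link text shows {shown.group(1)} but target is {host}"))
    return out

def analyze(raw):
    """Sender, Return-Path, Authentication-Results and link checks; returns a summary dict."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    display, addr = parseaddr(str(msg.get("From", "")))
    from_domain = addr.rpartition("@")[2].lower()
    for brand in PROTECTED_DOMAINS:  # display name claims a brand the address does not belong to
        if brand.split(".")[0] in display.lower() and not is_own_domain(from_domain, brand):
            findings.append(("HIGH", f'Display name "{display}" claims {brand}; address is {addr}'))
    if lookalike_of(from_domain):
        findings.append(("HIGH", f"Sender domain {from_domain} imitates {lookalike_of(from_domain)}"))
    rp_domain = parseaddr(str(msg.get("Return-Path", "")))[1].rpartition("@")[2].lower()
    if rp_domain and rp_domain != from_domain:
        findings.append(("MEDIUM", f"Return-Path domain {rp_domain} differs from From domain {from_domain}"))
    auth = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", str(msg.get("Authentication-Results", ""))))
    severity = {"fail": "HIGH", "softfail": "MEDIUM", "none": "LOW"}  # assumed mapping of the results table
    for mech in ("spf", "dkim", "dmarc"):
        result = auth.get(mech, "none")
        if result in severity:
            findings.append((severity[result], f"{mech.upper()} result: {result}"))
    body = msg.get_body(preferencelist=("html",))
    html = body.get_content() if body is not None else ""
    # Regex link extraction keeps the example short; use html.parser for real mail.
    for href, text in re.findall(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', html, re.S):
        findings.extend(check_url(href, re.sub(r"<[^>]+>", "", text)))
    highs = sum(1 for sev, _ in findings if sev == "HIGH")
    level = "HIGH" if highs >= 2 else "MEDIUM" if highs else "LOW" if findings else "SAFE"
    return {"threat_level": level, "auth": auth, "findings": findings}
```

Running `analyze(RAW_EMAIL)` returns threat level HIGH with SPF and DMARC failures, the display-name and look-alike findings for the sender, and the link findings for the two anchors. A `pass` in Authentication-Results only shows that the message really came from the domain in the From header; a freshly registered look-alike domain can pass SPF, DKIM and DMARC for itself, which is why the look-alike and display-name checks here run independently of the authentication results.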