Upload knowledge_base.txt

knowledge_base.txt

@@ -0,0 +1,23 @@
+# Phishing Knowledge Base
+
+## Common Phishing Indicators
+1. **Urgency and Threats**: Phishing emails often use urgent language (e.g., "Account Suspended", "Immediate Action Required") to panic users into clicking without thinking.
+2. **Mismatched URLs**: The visible link text (e.g., "paypal.com") does not match the actual destination URL (e.g., "paypal-secure-login.com").
+3. **Generic Greetings**: Legitimate organizations usually use your name. Phishing emails often use "Dear Customer" or "Dear User".
+4. **Request for Personal Information**: Legitimate companies rarely ask for sensitive info (passwords, SSN) via email.
+5. **Suspicious Domains**: Look for misspellings (e.g., "goog1e.com", "paypaI.com") or unusual TLDs.
+
+## URL Analysis Techniques
+- **Typosquatting**: Attackers register domains that look similar to popular domains (e.g., "faceboook.com").
+- **Subdomain Abuse**: Using long subdomains to hide the actual domain (e.g., "paypal.com.security-check.com" - the real domain is "security-check.com").
+- **URL Shorteners**: Using bit.ly or tinyurl to hide the destination.
+
+## Social Engineering Tactics
+- **Authority**: Impersonating CEOs, IT support, or government agencies.
+- **Scarcity**: "Only 24 hours left to claim your prize".
+- **Curiosity**: "Look at these photos of you".
+
+## Example Cases
+- **PayPal Phishing**: Emails claiming unauthorized transactions, asking to click a link to "dispute" the charge.
+- **Google Docs Phishing**: Fake login pages that look like Google Drive login screens.
+- **Bank Fraud**: SMS messages (Smishing) claiming a bank account is locked.