Email Security

Email Security taxonomy generated by the site skill importer.

5 skills
detecting-business-email-compromise

by mukul975

The detecting-business-email-compromise skill helps analysts, SOC teams, and incident responders identify BEC attempts using email-header checks, social-engineering clues, detection logic, and response-oriented workflows. Use it as a practical guide for triage, validation, and containment.

Incident Response
Favorites: 0 | GitHub: 6.1k
detecting-email-forwarding-rules-attack

by mukul975

The detecting-email-forwarding-rules-attack skill helps security audit, threat hunting, and incident response teams find malicious mailbox forwarding rules used for persistence and email collection. It guides analysts through Microsoft 365 and Exchange evidence, suspicious rule patterns, and practical triage for forwarding, redirect, delete, and hide behaviors.

Security Audit
Favorites: 0 | GitHub: 0
detecting-email-account-compromise

by mukul975

The detecting-email-account-compromise skill helps incident responders and SOC analysts investigate Microsoft 365 and Google Workspace mailbox takeover by checking suspicious sign-ins, inbox rule abuse, external forwarding, OAuth grants, and Graph/audit-log activity. Use it as a practical guide for fast triage.

Incident Response
Favorites: 0 | GitHub: 0
detecting-business-email-compromise-with-ai

by mukul975

Detect business email compromise with AI using NLP, stylometry, behavioral signals, and relationship context. The detecting-business-email-compromise-with-ai skill helps SOC, fraud, and security audit teams score suspicious emails, explain risk signals, and decide whether to quarantine, warn, or escalate.

Security Audit
Favorites: 0 | GitHub: 0
conducting-phishing-incident-response

by mukul975

The conducting-phishing-incident-response skill helps investigate suspicious emails, extract indicators, assess authentication, and recommend phishing response actions. It supports incident response workflows for message triage, credential-phishing cases, URL and attachment checks, and mailbox remediation. Use it when you need a structured guide instead of a generic prompt.

Incident Response
Favorites: 0 | GitHub: 0