The Human Firewall Starts Here


Hi Folks,
Let me tell you a quick story. This is not to scare you, but to prepare you.
A few years ago, I received an email that looked completely normal. It had my university’s logo. A subject line about an important update regarding an unpaid tuition fee. A link I thought I had to click. So I did. Within seconds, my laptop froze. My screen went black. Then a message appeared that I’ll never forget.
“Your files have been encrypted. Pay now to restore access.”
My hands shook. My heart raced. I had no idea what just happened, only that I’d made a huge mistake. That single click taught me a painful truth. Yes! Cybersecurity isn’t optional. It’s personal. But instead of running from that fear, I used it as fuel. I started learning, one step at a time: what threats look like, how attacks happen, and how to protect myself and others.
Now, I’m on a mission to help others avoid that same mistake.
“95% of cyber breaches happen due to human error. Let’s reduce that with one smart decision at a time.”
Welcome to Day 1 of our cyber awareness journey. Today’s topic is all about Phishing. This is one of the most common and dangerous threats out there.
What Is Phishing?
Phishing is a form of social engineering where the attackers disguise themselves as trustworthy entities in emails or messages.
What is the attacker’s goal?
They trick you into clicking malicious links, downloading malware, or giving away your credentials and other sensitive data (like PII, usernames, passwords, or payment card details).
It might look like a message from your bank, a delivery service, or even your own company’s IT team, but it might be completely fake. So always verify before taking any action.
What Happened Technically?
When I clicked that link, I unknowingly downloaded a malicious file. It was most likely a ransomware payload.
Here’s what likely happened behind the scenes:
The email had a spoofed sender address (e.g., admin@myuniversity-paymentsupport.co).
The link redirected to a fake login page or auto-downloaded a file (possibly a password-protected .zip or .docm).
Upon clicking or opening the file, it ran a macro script or dropped a .exe payload.
This payload encrypted my personal files and displayed a ransom note demanding payment in Bitcoin.
Suspicious Email Header Analysis
Let’s look at this example of a classic phishing email header.
From: helpdesk@paypall.com
Recipient: victim@evilmail.ru
Subject: Immediate Action Needed – Your Account is Suspended!
What’s wrong here?
Field | Suspicious Clue | Why It Matters |
From | helpdesk@paypall.com | Look closely: it says “paypall” with two l’s. |
Recipient | victim@evilmail.ru | Not even close to PayPal, so it’s a clear red flag. |
Subject Line | Immediate Action Needed | Phishing often uses fear or urgency to panic users. |
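The checks from the table above as a small script; this is an added example, not code from the original post, and it goes a little further by also checking Reply-To, SPF/DKIM/DMARC results and the relay IPs in the Received: headers. The trusted-domain list, the sample message, the Reply-To address and the IP addresses are constructed for illustration.

```python
import difflib
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains you really expect mail from (constructed for this example).
TRUSTED = {"paypal.com", "myuniversity.edu"}
URGENT = re.compile(r"immediate|urgent|suspended|action needed|verify now", re.I)
HOP_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample headers; the IPs come from the reserved documentation ranges.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7]) by inbox.example.org
Received: from unknown (unknown [203.0.113.45]) by mx.example.net
Authentication-Results: inbox.example.org; spf=fail smtp.mailfrom=paypall.com
From: "PayPal Helpdesk" <helpdesk@paypall.com>
Reply-To: billing@mailbox.example
Subject: Immediate Action Needed - Your Account is Suspended!
"""

def domain_of(header_value):
    """Lower-cased domain part of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def imitated_domain(domain):
    """Return the trusted domain that `domain` imitates, or None."""
    if not domain or any(domain == t or domain.endswith("." + t) for t in TRUSTED):
        return None  # empty, or a trusted domain / one of its subdomains
    for trusted in sorted(TRUSTED):
        brand = trusted.split(".")[0]
        close = difflib.SequenceMatcher(None, domain, trusted).ratio() >= 0.85
        if brand in domain or close:  # brand embedded, or a near-miss spelling
            return trusted
    return None

def analyze(raw):
    """Return (findings, relay_ips) for the raw headers of one message."""
    msg, findings = message_from_string(raw), []
    sender, reply = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    if fake_of := imitated_domain(sender):
        findings.append(f"From domain {sender} imitates {fake_of}")
    if reply and reply != sender:
        findings.append(f"Reply-To domain {reply} differs from From domain")
    if URGENT.search(msg["Subject"] or ""):
        findings.append("Subject pressures the reader with urgency")
    auth = (msg["Authentication-Results"] or "").lower()
    findings += [f"{c} failed" for c in ("spf", "dkim", "dmarc") if f"{c}=fail" in auth]
    ips = [ip for hop in msg.get_all("Received", []) for ip in HOP_IP.findall(hop)]
    return findings, ips
```

Call `analyze()` on the raw source of a suspicious message; the returned relay IPs are the ones worth looking up.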
Quick Prevention Tips
Don’t click any links or download attachments.
Check the sender’s full email address carefully (look for misspellings or odd domains).
Look out for urgent or threatening language trying to rush you.
Hover over links (without clicking) to see where they really go.
If unsure, don’t take action yourself. Forward the email to your company’s IT or security team, or delete it if you’re an individual user with no support team.
Keep your software and antivirus up to date to help block malicious content.
Recommended Online Tool for Email Header Analysis
MXToolbox – Header Analyzer
Paste your email headers and get a visual trace of each hop the email took. Identifies delays, spoofed IPs, and spam flags. Good for quick overview and troubleshooting mail flow.
IPinfo – IP Lookup
When you find an IP address in the Received: header, plug it in here. Get geolocation, ASN (ISP info), and even abuse contact info. It is helpful for checking whether the email came from an unusual or high-risk country.
When to Use These Tools?
After receiving a suspicious or unexpected email. While investigating malicious payloads or phishing links. When educating others, for example in staff awareness training, where visual breakdowns help people understand threats.
Be Curious, Not Click-Happy
“Cybersecurity doesn’t always start with firewalls or fancy tools. It starts with you.”
Learning to read email headers and spot small inconsistencies can stop big threats. Phishing attacks rely on trust and speed. So stay calm, slow down, inspect, and stay skeptical. If something feels off, it probably is. Don’t click. Investigate.
Let’s build the Human Firewall — one smart action at a time.
Written by Abishalini Kovintharajan