

Blue Team Playbook

Phishing Attack Playbook


1) Identification of a phishing attack

  • Look for the signs of a phishing attack; refer to the flowchart.
  • If you are still unsure, contact the IT department.

2) Disconnect the infected computer from the network

  • If the flowchart indicates the machine has been compromised by a phishing attack, immediately disconnect it from the network.
  • Keep the machine isolated before powering it back on.

3) Scan computer with updated antivirus and anti-malware

  • System logs should be collected and analysed to understand how the machine was compromised and to identify what, if anything, the attack accomplished.

4) Remove all suspected files and software

  • If any suspicious files or programs were detected, remove them immediately.
  • A system baseline (a benchmark of the machine's known-good state) should be in place and referred to at this point, so that new or changed files can be told apart from what was there before.
  • The logs should be referenced: any files or programs that came onto the system via this phishing attack should be removed, even if the anti-malware did not flag them as suspicious.
  • Ensure that the computer is free of malware and viruses before reconnecting it to the network.
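Steps 3 and 4 say to read the logs and remove anything the phishing attack brought onto the machine, even when the scanner stays quiet. The script below is an added example, not part of the playbook: it works through a small constructed host log (the `<time> <event> <detail>` format and every path and address in it are made up for this example), takes the time the phishing email was opened, and lists the files written, processes started and connections made in the following window. It then compares the new files against a constructed baseline of paths known before the incident and singles out any file that was both written and executed inside the window, which is the strongest sign of a dropped payload.

```python
"""Log triage helper for the phishing playbook (added example, not the playbook's own code).

Assumptions: host events are available as lines of "<ISO time> <EVENT> <detail>"
(a constructed format), and a baseline list of pre-incident file paths exists.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Set

# Constructed sample host log. None of these paths, names or addresses are real.
SAMPLE_LOG = """\
2024-03-04T09:58:01 PROCESS_START outlook.exe
2024-03-04T10:02:17 FILE_WRITE C:\\Users\\alice\\Downloads\\invoice.pdf.exe
2024-03-04T10:02:19 PROCESS_START C:\\Users\\alice\\Downloads\\invoice.pdf.exe
2024-03-04T10:02:23 FILE_WRITE C:\\Users\\alice\\AppData\\Roaming\\svc\\upd.dll
2024-03-04T10:02:25 NETWORK_CONNECT 203.0.113.45:443
2024-03-04T10:30:00 FILE_WRITE C:\\Users\\alice\\Documents\\report.docx
"""

# Constructed baseline: files that were already on the machine before the incident
# (the "system benchmark" the playbook refers to). report.docx is a pre-existing
# user document, so a write to it in the window is not by itself suspicious.
BASELINE_FILES: Set[str] = {
    "C:\\Users\\alice\\Documents\\report.docx",
}


@dataclass(frozen=True)
class Event:
    time: datetime
    kind: str
    detail: str


def parse_log(text: str) -> List[Event]:
    """Parse the constructed log format into Event records, skipping blank lines."""
    events: List[Event] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        stamp, kind, detail = line.split(" ", 2)
        events.append(Event(datetime.fromisoformat(stamp), kind, detail))
    return events


def triage(events: List[Event], phish_time: datetime, baseline: Set[str],
           window: timedelta = timedelta(hours=1)) -> Dict[str, List[str]]:
    """Return the artifacts that appeared after the phishing email was opened.

    Everything inside [phish_time, phish_time + window] is collected; files that
    were not in the baseline are reported as new, and a file that was written and
    then started as a process inside the window is reported as dropped_and_run.
    """
    end = phish_time + window
    in_window = [e for e in events if phish_time <= e.time <= end]
    files = [e.detail for e in in_window if e.kind == "FILE_WRITE"]
    procs = [e.detail for e in in_window if e.kind == "PROCESS_START"]
    conns = [e.detail for e in in_window if e.kind == "NETWORK_CONNECT"]
    new_files = [f for f in files if f not in baseline]
    # Written and executed in the window: remove it even if the scanner is silent.
    dropped_and_run = [f for f in new_files if f in procs]
    return {
        "new_files": new_files,
        "processes": procs,
        "connections": conns,
        "dropped_and_run": dropped_and_run,
    }


if __name__ == "__main__":
    opened_at = datetime.fromisoformat("2024-03-04T10:00:00")  # constructed
    result = triage(parse_log(SAMPLE_LOG), opened_at, BASELINE_FILES)
    for key, items in result.items():
        print(f"{key}:")
        for item in items:
            print(f"  {item}")
```

The output is a removal list for step 4 plus the connections to look for in the firewall or proxy logs; the baseline comparison is what keeps ordinary user activity during the same hour (here, the edit to an existing document) off that list.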

5) Remediation

  • More phishing awareness training is the best way to stop this type of attack from succeeding the next time.
  • Running antivirus and anti-malware on all machines would be ideal. Have them run automatically as a scheduled task.