EdvinPiirsalu/phishing-account-takeover


# Phishing & Account Takeover Incident Response Report

## Overview

This repository contains a real cybersecurity incident response report involving a phishing attack and account takeover (ATO) targeting a hospitality organization.

The objective of this project was to demonstrate:

* Incident response methodology
* Threat analysis
* IOC identification
* Root cause analysis
* Containment procedures
* Security recommendations
* Professional security documentation

## Incident Summary

A phishing campaign targeted employees of Hotel La Rambla and resulted in unauthorized access to the Expedia Partner Extranet account.

The attacker:

* Used phishing techniques
* Performed social engineering
* Obtained a password reset verification code
* Took control of the account
* Canceled guest reservations
* Attempted fraudulent payment collection

The incident was detected and contained rapidly, preventing confirmed financial and reputational losses.

## Skills Demonstrated

* Incident Response
* SOC Analysis
* Phishing Investigation
* Account Takeover Analysis
* IOC Documentation
* Threat Detection
* Security Reporting
* Risk Assessment

## MITRE ATT&CK Techniques

* T1566 — Phishing
* T1078 — Valid Accounts
* T1656 — Impersonation

## Files

- [View Incident Report PDF](https://github.com/EdvinPiirsalu/phishing-account-takeover/blob/main/Cybersecurity_Incident_Report_001_Hotel_La_Rambla.pdf)

## Disclaimer

This report was created for educational and portfolio purposes, documenting real incident analysis methodology applied to a hospitality sector case.

## Author

Edvin Johannes, Piirsalu Security Analyst