Multiple users in your organization report receiving similar suspicious emails. How would you analyze this as a potential phishing campaign using multiple log sources, and what steps would you take to determine its full scope and impact?

Sample answer preview

When multiple users report similar suspicious emails, you are likely dealing with a targeted phishing campaign rather than isolated spam. This requires a broader investigation that goes beyond analyzing a single email.