This field guide was written by Brian T. Carr during his internship at the Computer Emergency Response Team at the Center for Internet Security. Brian was tasked with analyzing suspicious emails submitted to the MS-ISAC and EI-ISAC on a daily basis. Brian analyzed hundreds of emails during this period.