Reader Robert submitted a phishing email (msg file).
Robert’s submission inspired me to add a small feature to plugin_msg_summary: it will now search through all streams for URLs, and report them.
This way, one can now immediately see the phishing URLs in phishing emails:
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.