I documented the triage and response steps for a phishing incident, including identifying sender IOCs, analyzing payloads, and recommending user awareness training.