Unusual display name in From header

Cortex XDR Analytics Alert Reference by Alert name
Product
Cortex XDR
Last date published
2026-03-10
Category
Analytics Alert Reference
Index by
Alert name

Synopsis

Activation Period

14 Days

Training Period

30 Days

Test Period

N/A (single event)

Deduplication Period

1 Day

Required Data

  • Requires:
    • Microsoft 365 Emails

Detection Modules

Email

Detector Tags

ATT&CK Tactic

ATT&CK Technique

Severity

Informational

Description

An email was detected with an unusual display name in the From header.

Attacker's Goals

Evade defenses and hide potential malicious data inside the email display name.

Investigative actions

  • Analyze the email further to determine the source of the anomaly and what can be done about it.

Variations

Unusual display name in the From header containing an embedded URL

Synopsis

ATT&CK Tactic

ATT&CK Technique

Severity

Low

Description

An email was detected with an unusual sender display name in the From header containing an embedded URL.

Attacker's Goals

Evade defenses and hide potential malicious data inside the email display name.

Investigative actions

  • Analyze the email further to determine the source of the anomaly and what can be done about it.


Unusual display name in the From header that is identical to the email address

Synopsis

ATT&CK Tactic

ATT&CK Technique

Severity

Informational

Description

An email was detected where the display name in the From header is unusual and matches the sender email address.

Attacker's Goals

Evade defenses and hide potential malicious data inside the email display name.

Investigative actions

  • Analyze the email further to determine the source of the anomaly and what can be done about it.