Synopsis

| Field | Value |
| --- | --- |
| Activation Period | 14 Days |
| Training Period | 30 Days |
| Test Period | N/A (single event) |
| Deduplication Period | 1 Day |
| Required Data | |
| Detection Modules | |
| Detector Tags | Brand Impersonation |
| ATT&CK Tactic | |
| ATT&CK Technique | |
| Severity | Informational |
Description
The sender headers (for example the From display name, From address, Reply-To and Return-Path) reference a well-known brand, but are inconsistent with one another in a way that indicates possible brand impersonation.
Attacker's Goals
Impersonate known legitimate brands or other technology vendors to trick recipients into disclosing information or unwittingly executing malicious code.
Investigative actions
- Identify the specific emails that triggered these alerts.
- Review their headers and metadata for spoofing indicators: mismatches between the display name, From address, Reply-To and Return-Path; SPF, DKIM and DMARC results in Authentication-Results; and unusual routing in the Received chain.
- Review the content for patterns or anomalies, and assess the email's context and attack techniques to determine the potential risk.
- Detonate any URLs or attachments in a secure sandbox environment to detect malware or phishing.
- Engage potentially affected users to determine whether they acted on the email (clicked a link, entered credentials, opened an attachment), since any such action increases the overall risk.
- Document and escalate findings if this turns out to be part of a broader campaign.
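The header review above can be scripted so that the same consistency checks the detector applies are repeatable during triage. The following is an added example, not the detector's own logic or code from this page: it parses a raw message with the Python standard library, looks for a brand keyword in the From display name or domain, and reports the inconsistencies an analyst would look for (From domain not owned by the brand, Reply-To or Return-Path on a different domain, SPF/DKIM/DMARC failures). The brand-to-domain table and both sample messages are constructed assumptions for illustration.

```python
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

# Constructed, illustrative mapping of brand keyword -> domains the brand legitimately
# sends from. A real detector keeps a far larger, curated list; this is an assumption.
KNOWN_BRANDS = {
    "microsoft": {"microsoft.com", "microsoftonline.com"},
    "paypal": {"paypal.com"},
    "docusign": {"docusign.net", "docusign.com"},
}


def _domain(header_value):
    """Return the lower-cased domain of an address header, or None if absent."""
    if not header_value:
        return None
    _, addr = parseaddr(str(header_value))
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower()


def _brand_in(text):
    """Return the first brand keyword found in text (case-insensitive), else None."""
    text = (text or "").lower()
    return next((b for b in KNOWN_BRANDS if b in text), None)


def _owned_by(domain, owned_domains):
    """True if domain is one of the brand's domains or a subdomain of one."""
    return domain is not None and any(
        domain == d or domain.endswith("." + d) for d in owned_domains
    )


def check_brand_headers(raw_message: bytes):
    """Return a list of header inconsistencies suggesting brand impersonation.

    An empty list means no brand keyword was present, or the headers were consistent.
    """
    msg = BytesParser(policy=policy.default).parsebytes(raw_message)
    display_name, _ = parseaddr(str(msg.get("From", "")))
    from_domain = _domain(msg.get("From"))
    brand = _brand_in(display_name) or _brand_in(from_domain)
    findings = []
    if brand is None:
        return findings  # no well-known brand referenced; nothing to check

    # 1. The brand is claimed, but the From domain is not one the brand sends from.
    if not _owned_by(from_domain, KNOWN_BRANDS[brand]):
        findings.append(f"display name/From claims {brand} but From domain is {from_domain}")

    # 2. Reply-To or Return-Path points somewhere other than the From domain.
    for hdr in ("Reply-To", "Return-Path"):
        other = _domain(msg.get(hdr))
        if other and other != from_domain:
            findings.append(f"{hdr} domain {other} differs from From domain {from_domain}")

    # 3. Upstream authentication results already recorded a failure.
    auth = str(msg.get("Authentication-Results", "")).lower()
    for verdict in ("spf=fail", "dkim=fail", "dmarc=fail"):
        if verdict in auth:
            findings.append(f"authentication failure: {verdict}")
    return findings


# Constructed sample messages (not real captures).
SPOOF = b"\n".join([
    b'From: "Microsoft Account Team" <security-alert@mail-notice.example>',
    b"Reply-To: collect@outlook-verify.example",
    b"Return-Path: <bounce@mail-notice.example>",
    b"Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=mail-notice.example; dkim=none; dmarc=none",
    b"Subject: Unusual sign-in activity",
    b"",
    b"Please verify your account.",
])

LEGIT = b"\n".join([
    b'From: "Microsoft account team" <account-security-noreply@accountprotection.microsoft.com>',
    b"Return-Path: <bounce@accountprotection.microsoft.com>",
    b"Authentication-Results: mx.example.net; spf=pass; dkim=pass header.d=accountprotection.microsoft.com; dmarc=pass",
    b"Subject: Security info was added",
    b"",
    b"This is a routine notification.",
])

if __name__ == "__main__":
    for label, raw in (("spoof", SPOOF), ("legit", LEGIT)):
        print(label, check_brand_headers(raw))
```

The subdomain check in `_owned_by` matters in practice: brands commonly send from subdomains of their primary domain, and treating those as mismatches would flood the alert with false positives. Conversely, a look-alike such as `microsoft.com.mail-notice.example` still fails the check because the suffix comparison is anchored on the brand's domain, not the attacker's.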