Synopsis
| Field | Value |
| --- | --- |
| Activation Period | 14 Days |
| Training Period | 30 Days |
| Test Period | 2 Hours |
| Deduplication Period | 1 Hour 30 Minutes |
| Required Data | |
| Detection Modules | Email |
| Detector Tags | Phishing |
| ATT&CK Tactic | Initial Access (TA0001) |
| ATT&CK Technique | Phishing (T1566) |
| Severity | Medium |
Description
This email contains multiple indicators consistent with a phishing attack. The message likely attempts to steal credentials, distribute malware, or trick recipients into performing actions that compromise security through deceptive content or suspicious technical characteristics.
Attacker's Goals
Trick recipients into revealing sensitive information, hijack the organization, or obtain money through deception.
Investigative actions
- Review the email headers and metadata to identify potential spoofing techniques or unusual routing patterns.
- Analyze any URLs or attachments in a secure sandbox environment to detect possible malware or phishing attempts.
- Correlate findings with recent alerts in the SIEM to assess whether similar accumulation patterns are forming.
- Engage potentially affected users to understand if any actions were taken in response to this email, which could increase the overall risk.
- Document and escalate findings if the accumulation of warnings suggests a broader phishing campaign.
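The header review and correlation steps above can be partly automated in triage. The following is an added example, not code from the detector's vendor or from the original page: it parses a constructed sample message (all domains are example.* and the addresses are RFC 5737 documentation IPs, chosen for illustration), compares the From, Reply-To and Return-Path domains, reads the SPF/DKIM/DMARC results from the Authentication-Results header, and walks the Received chain to surface hops that declare themselves as "unknown". The findings list it returns is the kind of structured output an analyst would attach to the SIEM alert before deciding whether a campaign is forming.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample message (not from the page): a lookalike-domain sender
# whose Reply-To and Return-Path do not match the visible From address.
SAMPLE_RAW = """\
Return-Path: <bounce@mailer-example.net>
Received: from mx.example-corp.com (mx.example-corp.com [192.0.2.10])
    by inbound.example.org with ESMTPS; Tue, 4 Jun 2024 09:12:01 +0000
Received: from unknown (HELO relay.mailer-example.net) (198.51.100.7)
    by mx.example-corp.com with SMTP; Tue, 4 Jun 2024 09:11:58 +0000
Authentication-Results: inbound.example.org; spf=fail smtp.mailfrom=mailer-example.net;
    dkim=none; dmarc=fail header.from=examp1e-bank.com
From: "Example Bank Support" <support@examp1e-bank.com>
Reply-To: <collect@mailer-example.net>
To: <finance@example.org>
Subject: Urgent: verify your account
Content-Type: text/plain

Please confirm your details at the link below.
"""


def domain_of(addr_header):
    """Return the lower-cased domain part of an address header, or '' if absent."""
    _, addr = parseaddr(str(addr_header or ""))
    return addr.rpartition("@")[2].lower()


def parse_auth_results(value):
    """Extract spf/dkim/dmarc verdicts from an Authentication-Results value."""
    results = {}
    for method in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{method}=(\w+)", str(value or ""))
        results[method] = m.group(1).lower() if m else "missing"
    return results


def received_hops(msg):
    """List (declared host, first IPv4) per Received header, top header first.

    The top-most Received header is the hop closest to the recipient; the
    bottom-most is the earliest hop the message claims to have passed through.
    """
    hops = []
    for hdr in msg.get_all("Received", []):
        text = str(hdr)
        host = re.search(r"from\s+(\S+)", text)
        ip = re.search(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b", text)
        hops.append((host.group(1) if host else "?", ip.group(1) if ip else "?"))
    return hops


def triage(raw):
    """Run the header checks and return findings suitable for an alert note."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"])
    return_dom = domain_of(msg["Return-Path"])
    # Reply-To / Return-Path pointing elsewhere is a classic spoofing tell.
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    if return_dom and return_dom != from_dom:
        findings.append(f"Return-Path domain {return_dom} differs from From domain {from_dom}")

    auth = parse_auth_results(msg["Authentication-Results"])
    for method, result in auth.items():
        if result != "pass":
            findings.append(f"{method.upper()} result is {result}")

    hops = received_hops(msg)
    for host, ip in hops:
        # A relay that cannot be reverse-resolved is worth a closer look.
        if host.lower() == "unknown":
            findings.append(f"Received hop from unresolved host at {ip}")

    return {"from_domain": from_dom, "auth": auth, "hops": hops, "findings": findings}


if __name__ == "__main__":
    for line in triage(SAMPLE_RAW)["findings"]:
        print("-", line)
```

On the sample above the function reports six findings: the two address-domain mismatches, three failing or absent authentication results, and one unresolved relay hop. In production the Authentication-Results header should only be trusted when it was added by your own receiving gateway (the `inbound.example.org` authserv-id here), since an attacker can insert a forged one upstream.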
Variations
Potential Brand Impersonation has been detected
Description
This email appears to impersonate a legitimate brand or service provider to deceive recipients. Attackers often mimic trusted companies like banks, cloud services, or popular brands to steal credentials, distribute malware, or conduct fraudulent activities.
Attacker's Goals
Trick recipients into revealing sensitive information, hijack the organization, or obtain money through deception.
Investigative actions
- Review the email headers and metadata to identify potential spoofing techniques or unusual routing patterns.
- Analyze any URLs or attachments in a secure sandbox environment to detect possible malware or phishing attempts.
- Correlate findings with recent alerts in the SIEM to assess whether similar accumulation patterns are forming.
- Engage potentially affected users to understand if any actions were taken in response to this email, which could increase the overall risk.
- Document and escalate findings if the accumulation of warnings suggests a broader phishing campaign.
Potential Spear Phishing has been detected
Description
This email represents a targeted spear phishing attack aimed at high-value personnel within your organization. These highly personalized attacks often target executives or privileged users to gain unauthorized access to sensitive systems or information.
Attacker's Goals
Trick recipients into revealing sensitive information, hijack the organization, or obtain money through deception.
Investigative actions
- Review the email headers and metadata to identify potential spoofing techniques or unusual routing patterns.
- Analyze any URLs or attachments in a secure sandbox environment to detect possible malware or phishing attempts.
- Correlate findings with recent alerts in the SIEM to assess whether similar accumulation patterns are forming.
- Engage potentially affected users to understand if any actions were taken in response to this email, which could increase the overall risk.
- Document and escalate findings if the accumulation of warnings suggests a broader phishing campaign.
Potential Business Email Compromise has been detected
Description
This email exhibits characteristics of a Business Email Compromise attack, where threat actors impersonate executives or trusted business partners to manipulate recipients into authorizing fraudulent financial transactions or wire transfers.
Attacker's Goals
Trick recipients into revealing sensitive information, hijack the organization, or obtain money through deception.
Investigative actions
- Review the email headers and metadata to identify potential spoofing techniques or unusual routing patterns.
- Analyze any URLs or attachments in a secure sandbox environment to detect possible malware or phishing attempts.
- Correlate findings with recent alerts in the SIEM to assess whether similar accumulation patterns are forming.
- Engage potentially affected users to understand if any actions were taken in response to this email, which could increase the overall risk.
- Document and escalate findings if the accumulation of warnings suggests a broader phishing campaign.
Potential Exfiltration has been detected
Description
This outbound email shows suspicious patterns consistent with data exfiltration attempts. The communication may involve unauthorized transmission of sensitive organizational data to external recipients through email channels.
Attacker's Goals
Trick recipients into revealing sensitive information, hijack the organization, or obtain money through deception.
Investigative actions
- Review the email headers and metadata to identify potential spoofing techniques or unusual routing patterns.
- Analyze any URLs or attachments in a secure sandbox environment to detect possible malware or phishing attempts.
- Correlate findings with recent alerts in the SIEM to assess whether similar accumulation patterns are forming.
- Engage potentially affected users to understand if any actions were taken in response to this email, which could increase the overall risk.
- Document and escalate findings if the accumulation of warnings suggests a broader phishing campaign.