Synopsis
| Field | Value |
| --- | --- |
| Activation Period | 14 Days |
| Training Period | 30 Days |
| Test Period | 10 Minutes |
| Deduplication Period | 1 Day |
| Required Data | |
| Detection Modules | |
| Detector Tags | |
| ATT&CK Tactic | |
| ATT&CK Technique | |
| Severity | Medium |
Description
Multiple factors that potentially indicate brand impersonation have been spotted in an email conversation.
Attacker's Goals
Impersonate known legitimate brands or other technological entities to trick recipients into disclosing information or executing malicious code unwillingly.
Investigative actions
- Identify the specific emails responsible for the accumulation of these alerts.
- Review their headers and content for patterns or anomalies.
- Assess the email's context and attack techniques to determine the potential risk.
- Review the email headers and metadata of each flagged email to identify potential spoofing techniques or unusual routing patterns.
- Analyze any URLs or attachments in a secure sandbox environment to detect possible malware or phishing attempts.
- Engage potentially affected users to understand if any actions were taken in response to these emails, which could increase the overall risk.
- Document and escalate findings in case this is a broader phenomenon.
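
The header review step above can be scripted for a first pass over the flagged messages. The following Python sketch is an added example, not part of the product or its detection logic; the brand list, domains, indicator names and sample messages are all constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed brand list (assumption): display-name keyword -> domains the brand really sends from.
BRAND_DOMAINS = {"acme bank": {"acmebank.example"}}

def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def triage_headers(raw):
    """Return a list of spoofing indicators found in one raw message."""
    msg = message_from_string(raw)
    display, from_addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(from_addr)
    findings = []
    # Display name claims a brand, but the From domain is not one of the brand's own.
    for brand, domains in BRAND_DOMAINS.items():
        owned = any(from_dom == d or from_dom.endswith("." + d) for d in domains)
        if brand in display.lower() and not owned:
            findings.append("display-name-brand-mismatch:" + brand)
    # Replies are steered to a different domain than the visible sender.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != from_dom:
        findings.append("reply-to-domain-differs")
    # Only trust Authentication-Results stamped by your own receiving MTA.
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    for mech in ("spf", "dkim", "dmarc"):
        if mech + "=pass" not in auth:
            findings.append(mech + "-not-pass")
    return findings

# Constructed sample messages (not real traffic).
SUSPECT = """\
Authentication-Results: mx.corp.example; spf=softfail smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=acmebank-secure.example
From: "Acme Bank Support" <service@acmebank-secure.example>
Reply-To: <helpdesk@collect.example.org>
Subject: Action required on your account

Please verify your account.
"""
LEGIT = """\
Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=acmebank.example; dkim=pass header.d=acmebank.example; dmarc=pass header.from=acmebank.example
From: "Acme Bank" <service@acmebank.example>
Subject: Your monthly statement

Statement attached.
"""

if __name__ == "__main__":
    for name, raw in (("suspect", SUSPECT), ("legit", LEGIT)):
        print(name, triage_headers(raw))
```

An empty result does not clear a message; it only means none of these header-level indicators fired, so the content, URL and attachment review steps still apply.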