Synopsis
Activation Period | 14 Days
Training Period | 30 Days
Test Period | N/A (single event)
Deduplication Period | 1 Day
Required Data |
Detection Modules |
Detector Tags | Spoofing
ATT&CK Tactic |
ATT&CK Technique |
Severity | Informational
Description
The detected mail server hostname had not been observed in the organization's emails in the past 30 days.
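As an added illustration of this detection (not code from the original page or the product), the following Python parses the Received chain of a constructed message, compares every mail server hostname named in it against a constructed 30-day baseline of previously observed hosts, and suppresses repeat alerts for the same host within one day; the sample headers, the baseline and the reference time are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone
from email import message_from_string

TRAINING_WINDOW = timedelta(days=30)  # the detector's training period
DEDUP_WINDOW = timedelta(days=1)      # the detector's deduplication period
HOST_RE = re.compile(r"\b(?:from|by)\s+([A-Za-z0-9.-]+)")  # hosts named in each hop

NOW = datetime(2024, 3, 5, 10, 20, tzinfo=timezone.utc)

# Constructed sample headers (not from the original page). The outermost Received
# header was added by the organization's own MX, so its "from" host is trustworthy;
# inner hops were written by outside servers and can be forged by the sender.
SAMPLE_EMAIL = """\
Received: from relay-new.example.net (relay-new.example.net [203.0.113.7])
    by mx.corp.example (Postfix) with ESMTPS id ABC123
    for <alice@corp.example>; Tue, 05 Mar 2024 10:15:02 +0000
Received: from mail.partner.example (mail.partner.example [198.51.100.5])
    by relay-new.example.net with ESMTP id XYZ789;
    Tue, 05 Mar 2024 10:14:58 +0000
From: bob@partner.example
Subject: Invoice
"""

# Constructed baseline: hostname -> when it last appeared in the organization's mail.
BASELINE = {
    "mail.partner.example": NOW - timedelta(days=3),
    "mx.corp.example": NOW - timedelta(hours=1),
    "relay-new.example.net": NOW - timedelta(days=45),  # outside the 30-day window
}

def received_hosts(raw):
    """Hostnames named in the Received chain, outermost hop first, 'from' before 'by'."""
    hosts = []
    for value in message_from_string(raw).get_all("Received", []):
        hosts.extend(HOST_RE.findall(" ".join(value.split())))  # unfold, then scan
    return hosts

def new_hostnames(raw, baseline, now, recent_alerts):
    """Hosts not observed during the training window, deduplicated per host per day."""
    alerts = []
    for host in received_hosts(raw):
        seen = baseline.get(host)
        if seen is not None and now - seen <= TRAINING_WINDOW:
            continue  # observed within the last 30 days: a known mail server
        last = recent_alerts.get(host)
        if last is not None and now - last <= DEDUP_WINDOW:
            continue  # already raised for this host within the deduplication period
        recent_alerts[host] = now
        alerts.append(host)
    return alerts
```

A host that appears in the baseline but was last seen 45 days ago still alerts, because the 30-day training window, not mere prior existence, defines "observed".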
Attacker's Goals
Disguise the email's origin by spoofing the Received header so that the message appears to come from a trusted sender; by impersonating a trusted source, the attacker aims to mislead recipients into disclosing private data or performing unsafe actions.
Investigative actions
- Review the email's Received headers to trace its delivery path and spot signs of spoofing.
- Examine the sender's IP address and domain reputation.
- Closely inspect the email content for malicious links, attachments, or requests for sensitive information.
- Monitor further actions taken, such as file downloads or access to potentially malicious links.