EXPLORE DETECTIONS
Brand impersonation: Barracuda Networks
Impersonation of Barracuda Networks, an IT security company.
Brand impersonation: Binance
Impersonation of the cryptocurrency exchange Binance.
Brand impersonation: Blockchain[.]com
Impersonation of Blockchain[.]com, usually for credential theft.
Brand impersonation: Booking.com
Detects messages purporting to be from Booking.com's support team that contain suspicious credential collection patterns. The sender is not from a legitimate Booking.com domain and shows a history of problematic behavior or lacks prior solicited communication. Additional checks enforce DMARC authentication for trusted domains.
Brand impersonation: Box file sharing service
Detects messages impersonating Box file sharing service by identifying Box logos, collaboration-related language, or Box company address information from senders not associated with the legitimate box.com domain.
Brand impersonation: Capital One
This detection rule identifies inbound messages containing Capital One branding indicators in display names, sender addresses, message content, or embedded logos, while excluding legitimate Capital One domains and authenticated communications from known trusted senders.
Brand impersonation: Charles Schwab
Impersonation of Charles Schwab & Co
Brand impersonation: Chase Bank
Impersonation of Chase Bank and related services to harvest credentials or related information such as dates of birth, phone numbers, social security numbers, ATM pin numbers, drivers license numbers, selfies, and ID card photos.
Brand impersonation: Chase bank with credential phishing indicators
This rule checks for messages with or without attachments leveraging the Chase logo, and LinkAnalysis or Natural Language Understanding(NLU) has flagged credential phishing with medium to high confidence. The rule also excludes messages where all links are Chase affiliates, in addition to negating high trust sender root domains.
Brand impersonation: Coinbase
Impersonation of the cryptocurrency exchange Coinbase to harvest Coinbase credentials or related information.
Brand impersonation: Coinbase with suspicious links
Detects messages impersonating Coinbase with low reputation or url shortened links.
Brand impersonation: Dashlane
Impersonation of the password management software Dashlane.
Brand impersonation: DHL
Impersonation of the shipping provider DHL.
Brand impersonation: DigitalOcean
Impersonation of the cloud provider DigitalOcean.
Brand impersonation: Discord notification
Detects inbound messages that impersonate Discord's notification system through display name spoofing, domain lookalikes, or logo usage in attachments. The messages contain typical Discord-style notification language in the subject line while failing authentication checks.
Brand Impersonation: Disney
Detects messages from senders impersonating Disney through display name spoofing or brand logo usage, combined with security-themed content and suspicious authentication patterns.
Brand impersonation: DocSend
Attack impersonating DocSend.
Brand impersonation: DocuSign
Attack impersonating a DocuSign request for signature.
Brand impersonation: DocuSign (QR code)
Detects messages using DocuSign image based lures, referencing or including a QR code from an Unsolicited sender. These messages often lead users to phishing sites or initiate unwanted downloads.
Brand impersonation: DocuSign branded attachment lure with no DocuSign links
Detects DocuSign phishing messages with no DocuSign links, a DocuSign logo or verbage within an image or PDF attachment, from an untrusted sender.
Brand impersonation: DocuSign PDF attachment with suspicious link
This rule detects DocuSign logos within PDF's that do not link to reputable domains, nor docusign themselves. This is typically indicative of Credential Phishing.
Brand impersonation: DocuSign with embedded QR code
This rule detects unsolicited messages with short bodies containing a DocuSign logo, QR code language and an embedded QR code.
Brand impersonation: DoorDash
Impersonation of the online food ordering and food delivery platform, DoorDash
Brand impersonation: Dotloop
Impersonation of Dotloop, a real estate transaction management platform.