EXPLORE DETECTIONS
Brand impersonation: Dropbox
Impersonation of Dropbox, a file sharing service.
Brand impersonation: Enbridge
Impersonation of the Canadian energy company Enbridge.
Brand impersonation: Evite
Detects messages impersonating Evite invitations by looking for invitation language while not originating from legitimate Evite domains.
Brand impersonation: Exodus
Attack impersonating Exodus Wallet.
Brand impersonation: Fake DocuSign HTML table not linking to DocuSign domains
Detects HTML table elements that mimick DocuSign templates linking to non-DocuSign destinations. The rule negates high trusted sender domains and legitimate replies.
Brand impersonation: Fake Fax
Detects messages containing fax-related language and notification elements from senders outside of known legitimate fax service providers.
Brand impersonation: Fastway
Impersonation of Fastway Couriers, a delivery services company in Ireland and South Africa.
Brand impersonation: FedEx
Impersonation of the shipping provider FedEx.
Brand impersonation: File sharing notification with template artifacts
Detects messages impersonating file sharing services that contain template artifacts such as placeholder comments, incomplete HTML elements, and development remnants. The message includes 'shared with you' language and exhibits multiple indicators of being generated from a malicious template including HTML comments with development terms, broken anchor tags, and filename elements that closely match the subject line.
Brand impersonation: FINRA
Impersonation of the Financial Industry Regulatory Authority (FINRA)
Brand Impersonation: Gemini Trust Company
Detects messages impersonating Gemini Trust Company through analysis of footer content, social media links, and address verification, excluding legitimate communications from authenticated Gemini domains.
Brand impersonation: Github
Impersonation of Github.
Brand impersonation: Github (sawfish campaign)
Impersonation of Github, potentially as part of the sawfish campaign, seeking to harvest Github credentials.
Brand impersonation: GitHub with callback scam indicators
Detects messages using GitHub's noreply address that contain callback scam language, brand impersonation tactics, or fraudulent purchase/payment content with phone numbers for victim contact.
Brand impersonation: GoDaddy
Detects messages where the sender is impersonating GoDaddy through display name manipulation or lookalike domains, while not being legitimately authenticated from GoDaddy's infrastructure.
Brand Impersonation: Google (QR Code)
Detects messages using Google based lures, referencing or including a QR code from an Unsolicited sender. These messages often lead users to phishing sites or initiate unwanted downloads.
Brand impersonation: Google Careers
Detects messages impersonating Google Careers or job opportunities in multiple languages that contain links to domains other than Google's legitimate domains, from senders not authenticated as Google.
Brand impersonation: Google Drive fake file share
This rule detects messages impersonating a Google Drive file sharing email where no links point to known Google domains.
Brand impersonation: Google fake sign-in warning
Detects messages with image attachments containing fake Google sign-in warnings with no links leading to Google sites.
Brand impersonation: Google Meet with malicious link
Detects messages with 'Join with Google Meet' display text that redirects to domains other than meet.google.com.
Brand impersonation: Google using Microsoft Forms
Abuses Microsoft Forms to impersonate Google.
Brand impersonation: Google Workspace alert notification
Detects messages impersonating Google Workspace alert notifications that use Google branding elements, workspace-specific terminology, and admin console references, but originate from non-Google domains and contain suspicious links.
Brand impersonation: Greenvelope
Detects messages impersonating Greenvelope invitations not originating from legitimate Greenvelope domain.
Brand impersonation: Gusto
Impersonation of Gusto, a cloud-based payroll management company.