EXPLORE DETECTIONS
Brand impersonation: Charles Schwab
Impersonation of Charles Schwab & Co.
Brand impersonation: Chase Bank
Impersonation of Chase Bank and related services to harvest credentials or related information such as dates of birth, phone numbers, Social Security numbers, ATM PINs, driver's license numbers, selfies, and ID card photos.
Brand impersonation: Chase bank with credential phishing indicators
This rule checks for messages, with or without attachments, that leverage the Chase logo and that LinkAnalysis or Natural Language Understanding (NLU) has flagged as credential phishing with medium to high confidence. The rule also excludes messages where all links are Chase affiliates, in addition to negating high-trust sender root domains.
Brand impersonation: Coinbase
Impersonation of the cryptocurrency exchange Coinbase to harvest Coinbase credentials or related information.
Brand impersonation: Coinbase with suspicious links
Detects messages impersonating Coinbase with low-reputation or URL-shortened links.
Brand impersonation: Dashlane
Impersonation of the password management software Dashlane.
Brand impersonation: DHL
Impersonation of the shipping provider DHL.
Brand impersonation: DigitalOcean
Impersonation of the cloud provider DigitalOcean.
Brand impersonation: Discord notification
Detects inbound messages that impersonate Discord's notification system through display name spoofing, domain lookalikes, or logo usage in attachments. The messages contain typical Discord-style notification language in the subject line while failing authentication checks.
Brand Impersonation: Disney
Detects messages from senders impersonating Disney through display name spoofing or brand logo usage, combined with security-themed content and suspicious authentication patterns.
Brand impersonation: DocSend
Attack impersonating DocSend.
Brand impersonation: DocuSign
Attack impersonating a DocuSign request for signature.
Brand impersonation: DocuSign (QR code)
Detects messages using DocuSign image-based lures, referencing or including a QR code, from an unsolicited sender. These messages often lead users to phishing sites or initiate unwanted downloads.
Brand impersonation: DocuSign branded attachment lure with no DocuSign links
Detects DocuSign phishing messages with no DocuSign links, a DocuSign logo or verbiage within an image or PDF attachment, from an untrusted sender.
Brand impersonation: DocuSign PDF attachment with suspicious link
This rule detects DocuSign logos within PDFs that link neither to reputable domains nor to DocuSign itself. This is typically indicative of credential phishing.
Brand impersonation: DocuSign with embedded QR code
This rule detects unsolicited messages with short bodies containing a DocuSign logo, QR code language and an embedded QR code.
Brand impersonation: DoorDash
Impersonation of the online food ordering and food delivery platform DoorDash.
Brand impersonation: Dotloop
Impersonation of Dotloop, a real estate transaction management platform.
Brand impersonation: Dropbox
Impersonation of Dropbox, a file sharing service.
Brand impersonation: Enbridge
Impersonation of the Canadian energy company Enbridge.
Brand impersonation: Evite
Detects messages impersonating Evite invitations by looking for invitation language while not originating from legitimate Evite domains.
Brand impersonation: Exodus
Attack impersonating Exodus Wallet.
Brand impersonation: Fake DocuSign HTML table not linking to DocuSign domains
Detects HTML table elements that mimic DocuSign templates and link to non-DocuSign destinations. The rule negates highly trusted sender domains and legitimate replies.
Brand impersonation: Fake Fax
Detects messages containing fax-related language and notification elements from senders outside of known legitimate fax service providers.