EXPLORE

EXPLORE DETECTIONS

🔍
1,155 detections found

Brand impersonation: Amazon Web Services (AWS)

Detects messages impersonating AWS through similar display names combined with security-themed content and authentication failures. Excludes legitimate AWS communications and trusted senders.

T1566T1566.001T1566.002T1598T1598.003
Sublimemedium

Brand impersonation: Amazon with suspicious attachment

Impersonation of Amazon. These are most commonly fake shipping notifications. Amazon is the #2 most-impersonated brand (as of Q2 2020)

T1566T1566.001T1566.002T1598T1598.003
Sublimemedium

Brand impersonation: American Express (AMEX)

Impersonation of the credit card provider American Express.

T1566T1566.001T1566.002T1598T1598.003+1
Sublimelow

Brand impersonation: Apple

Impersonation of Apple.

T1566T1566.001T1566.002T1598T1598.003
Sublimehigh

Brand impersonation: Aquent

Detects messages impersonating Aquent, a staffing and talent solutions company, by analyzing sender display names and body content for Aquent branding and office addresses from unauthorized domains.

T1566.002T1534T1656T1566T1566.001+2
Sublimemedium

Brand impersonation: Aramco

Impersonation of the petroleum and natural gas company Saudi Aramco.

T1566.002T1534T1656T1598.003T1583.001+2
Sublimemedium

Brand impersonation: AuthentiSign

Detects messages impersonating AuthentiSign through display name, domain, subject, or body content that either originate from non-AuthentiSign or spoofed domains.

T1566T1566.001T1566.002T1598T1534+3
Sublimemedium

Brand impersonation: Automobile assistance associations

Detects messages impersonating automobile associations (AAA, CAA, RAC, etc.) offering vehicle emergency kits or roadside assistance services from untrusted senders.

T1566T1566.001T1566.002T1598T1598.003
Sublimehigh

Brand impersonation: Bank of America

Impersonation of Bank of America, usually for credential theft.

T1566T1566.001T1566.002T1598T1598.003+1
Sublimehigh

Brand impersonation: Barracuda Networks

Impersonation of Barracuda Networks, an IT security company.

T1566T1566.001T1566.002T1598T1598.003+1
Sublimemedium

Brand impersonation: Bids & Tenders

Detects links impersonating the Bids & Tenders platform. The rule identifies suspicious links from non-legitimate domains that load Bids & Tenders logo assets, suggesting the sender is spoofing the platform to appear legitimate.

T1566T1566.001T1566.002T1598T1598.003
Sublimehigh

Brand impersonation: Binance

Impersonation of the cryptocurrency exchange Binance.

T1566T1566.001T1566.002T1598T1598.003+1
Sublimemedium

Brand impersonation: Blockchain.com

Impersonation of Blockchain.com, usually for credential theft.

T1566T1566.001T1566.002T1598T1598.003+1
Sublimemedium

Brand impersonation: Booking.com

Detects messages purporting to be from Booking.com's support team that contain suspicious credential collection patterns. The sender is not from a legitimate Booking.com domain and shows a history of problematic behavior or lacks prior solicited communication. Additional checks enforce DMARC authentication for trusted domains.

T1566T1566.001T1566.002T1598T1598.003
Sublimemedium

Brand impersonation: Box file sharing service

Detects messages impersonating Box file sharing service by identifying Box logos, collaboration-related language, or Box company address information from senders not associated with the legitimate box.com domain.

T1566T1566.001T1566.002T1598T1598.003
Sublimemedium

Brand impersonation: Canada Revenue Agency

Detects messages impersonating the Canada Revenue Agency (CRA) in English or French that contain credential theft indicators. The rule identifies senders claiming to be CRA through display names or subject line references, uses natural language understanding to detect credential theft intent, and excludes legitimate senders with proper authentication.

T1566.002T1534T1656T1566T1566.001+2
Sublimemedium

Brand impersonation: Capital One

This detection rule identifies inbound messages containing Capital One branding indicators in display names, sender addresses, message content, or embedded logos, while excluding legitimate Capital One domains and authenticated communications from known trusted senders.

T1566T1566.001T1566.002T1598T1598.003+1
Sublimehigh

Brand impersonation: Charles Schwab

Impersonation of Charles Schwab & Co

T1566T1566.001T1566.002T1598T1598.003+1
Sublimemedium

Brand impersonation: Chase Bank

Impersonation of Chase Bank and related services to harvest credentials or related information such as dates of birth, phone numbers, social security numbers, ATM pin numbers, drivers license numbers, selfies, and ID card photos.

T1566T1566.001T1566.002T1598T1598.003+1
Sublimehigh

Brand impersonation: Chase bank with credential phishing indicators

This rule checks for messages with or without attachments leveraging the Chase logo, and LinkAnalysis or Natural Language Understanding(NLU) has flagged credential phishing with medium to high confidence. The rule also excludes messages where all links are Chase affiliates, in addition to negating high trust sender root domains.

T1566T1566.001T1566.002T1598T1598.003
Sublimemedium

Brand impersonation: Cloud services with credential theft intent

Detects messages impersonating cloud services that contain high-confidence credential theft language and file sharing topics. The message starts with 'Cloud' or a cloud emoji or Cloud+ text, contains links to external domains not matching the sender's domain, and lacks recipient identification entities.

T1566T1566.001T1566.002T1598
Sublimemedium

Brand impersonation: Coinbase

Impersonation of the cryptocurrency exchange Coinbase to harvest Coinbase credentials or related information.

T1566T1566.001T1566.002T1598T1598.003+1
Sublimehigh

Brand impersonation: Coinbase with suspicious links

Detects messages impersonating Coinbase with low reputation or url shortened links.

T1566T1566.001T1566.002T1598T1036+2
Sublimemedium

Brand impersonation: Dashlane

Impersonation of the password management software Dashlane.

T1566T1566.001T1566.002T1598T1598.003
Sublimemedium
PreviousPage 13 of 49Next