EXPLORE DETECTIONS
Brand Impersonation: Shein
Detects suspicious Shein-branded communications using display name impersonation, logo detection, and deceptive content analysis. Includes checks for security/authentication topics, secure messages, notifications, and promotional content like fake surveys or giveaways. Excludes legitimate Shein domains with proper authentication and known trusted senders.
Brand impersonation: Silicon Valley Bank
Detects emails that impersonate Silicon Valley Bank.
Brand impersonation: SiriusXM
Impersonation of the broadcasting corporation SiriusXM.
Brand impersonation: Spotify
Impersonation of Spotify.
Brand impersonation: Square
Impersonation of Square, typically containing security-related language, secure message notifications, or credential theft indicators from unauthorized senders.
Brand impersonation: Squarespace
Detects impersonation of Squarespace through sender display name or subject line similarity, where the sender is not from legitimate Squarespace domains or fails authentication checks.
Brand impersonation: State Farm
Detects messages impersonating State Farm insurance company through display name spoofing or similar variations, excluding legitimate communications from verified State Farm domains with proper DMARC authentication.
Brand impersonation: Stellar Development Foundation (SDF)
Attack impersonating Stellar Development Foundation (SDF).
Brand Impersonation: Stripe
Impersonation of Stripe, usually for credential theft.
Brand impersonation: Stripe notification
Campaigns have been observed sending templated Stripe notification emails in which the call-to-action button link has been replaced so that it clicks through to a malicious credential phishing page.
Brand impersonation: Sublime Security
Possible attempt to impersonate Sublime Security executives.
Brand impersonation: Survey request with credential theft indicators
Detects messages containing credential theft language disguised as survey requests from promotional content, targeting organizations from untrusted or spoofed high-trust domains.
Brand impersonation: TikTok
Detects messages impersonating TikTok through similar display names or logo detection, combined with security-themed content and authentication failures. Excludes legitimate TikTok communications and trusted senders.
Brand impersonation: Toronto-Dominion Bank
Impersonation of TD Bank or TD Canada Trust using display name spoofing or logo detection, combined with suspicious content related to security authentication or credential theft from unauthorized senders.
Brand impersonation: Trust Wallet
Detects inbound messages containing links where the sender impersonates Trust Wallet through display name manipulation and suspicious language, while not being from legitimate Trust Wallet domains. The rule checks for credential theft patterns and validates sender authentication.
Brand impersonation: TurboTax
Impersonation of the TurboTax service from Intuit. Most commonly seen around US tax season (Q1).
Brand impersonation: Twitter
Impersonation of Twitter.
Brand impersonation: UK government Home Office
Detects messages impersonating UK government agencies (Home Office, UK Visas and Immigration, gov.uk) that contain links not leading to legitimate gov.uk domains or show credential theft language, from senders not authenticated as official government domains.
Brand impersonation: ukr[.]net
Impersonation of ukr[.]net. Originally reported by CERT-UA on 07 March, 2022, phishing emails impersonate ukr[.]net to steal user credentials. "Compromised mailboxes are used by the Russian Federation's special services to conduct cyber attacks on citizens of Ukraine."
Brand impersonation: United Healthcare
Detects messages impersonating United Healthcare (UHC) by analyzing display names that contain variations of 'United Healthcare' or 'UHC', including those with character substitutions. The rule excludes legitimate messages from verified UHC domains that pass DMARC authentication and handles high-trust sender domains appropriately.
Brand impersonation: UPS
Impersonation of United Parcel Service (UPS).
Brand impersonation: USPS
Impersonation of the United States Postal Service.
Brand impersonation: Vanguard
Detects inbound messages from senders using Vanguard-like display names or domains, excluding legitimate Vanguard domains and authenticated communications. Additional checks ensure the sender is not from trusted organizational domains or high-trust sender domains with proper authentication.
Brand impersonation: Vanta
Impersonation of Vanta.