EXPLORE DETECTIONS
Brand Impersonation: Gemini Trust Company
Detects messages impersonating Gemini Trust Company through analysis of footer content, social media links, and address verification, excluding legitimate communications from authenticated Gemini domains.
Brand impersonation: Github
Impersonation of Github.
Brand impersonation: Github (sawfish campaign)
Impersonation of Github, potentially as part of the sawfish campaign, seeking to harvest Github credentials.
Brand impersonation: GitHub with callback scam indicators
Detects messages using GitHub's noreply address that contain callback scam language, brand impersonation tactics, or fraudulent purchase/payment content with phone numbers for victim contact.
Brand impersonation: GoDaddy
Detects messages where the sender is impersonating GoDaddy through display name manipulation or lookalike domains, while not being legitimately authenticated from GoDaddy's infrastructure.
Brand Impersonation: Google (QR Code)
Detects messages using Google based lures, referencing or including a QR code from an Unsolicited sender. These messages often lead users to phishing sites or initiate unwanted downloads.
Brand impersonation: Google Careers
Detects messages impersonating Google Careers or job opportunities in multiple languages that contain links to domains other than Google's legitimate domains, from senders not authenticated as Google.
Brand impersonation: Google Drive fake file share
This rule detects messages impersonating a Google Drive file sharing email where no links point to known Google domains.
Brand impersonation: Google fake sign-in warning
Detects messages with image attachments containing fake Google sign-in warnings with no links leading to Google sites.
Brand impersonation: Google Meet with malicious link
Detects messages with 'Join with Google Meet' display text that redirects to domains other than meet.google.com.
Brand impersonation: Google using Microsoft Forms
Abuses Microsoft Forms to impersonate Google.
Brand impersonation: Google Workspace alert notification
Detects messages impersonating Google Workspace alert notifications that use Google branding elements, workspace-specific terminology, and admin console references, but originate from non-Google domains and contain suspicious links.
Brand impersonation: Government / Tax Authority document lure
Detects messages impersonating government and tax authorities (such as the IRS, SSA, Department of Treasury, and similar agencies) that contain suspicious document-related links. The rule identifies either download calls-to-action pointing to low-reputation or free subdomain hosts, or phishing-kit URLs that embed the impersonated organization's name in the path. Credential theft intent is confirmed via NLP analysis, and trusted sender domains are only flagged when DMARC authentication fails.
Brand impersonation: Greenvelope
Detects messages impersonating Greenvelope invitations not originating from legitimate Greenvelope domain.
Brand impersonation: Gusto
Impersonation of Gusto, a cloud-based payroll management company.
Brand impersonation: Hulu
Impersonation of Hulu.
Brand impersonation: Interac
Impersonation of the Canadian interbanking network Interac. Seen in the wild impersonating carbon tax rebates and tax return refunds.
Brand impersonation: Internal Revenue Service
Detects messages from senders posing as the Internal Revenue Service by checking display name similarity and content indicators from body text and screenshots. Excludes legitimate IRS domains and authenticated senders.
Brand impersonation: KnowBe4
Impersonation of KnowBe4.
Brand impersonation: LastPass
Detects messages impersonating the password manager LastPass that contain suspicious language about maintenance, vault exports, or master passwords.
Brand impersonation: Ledger
Attack impersonating hardware cryptocurrency wallet ledger.com's brand.
Brand impersonation: LinkedIn
Impersonation of LinkedIn.
Brand impersonation: Mailchimp
Detects messages from senders impersonating Mailchimp through display name spoofing or brand logo usage, combined with security-themed content and suspicious authentication patterns.
Brand impersonation: Mailgun
Impersonation of the Mailgun Email delivery platform.