Darktrace/Email
What are your top concerns right now?
Account Takeover: Compromised user
Business Email Compromise: Highly sophisticated impersonation
Human Error: Misdirected emails
Generative AI Attacks: Sophisticated novel social engineering
Ransomware and Malware: Software designed to corrupt systems
Supply Chain Attack: Third-party compromise
Vendor Email Compromise: Impersonation of a known third party
Phishing: Email-based attacks
Payment Fraud: Soliciting false payments
Email Account Takeover: Compromised email user
VIP Impersonation: High-profile identity fraud
Cloud Platform Abuse: Legitimate service misuse
Graymail: Non-productive emails
Credential Phishing: Lures user into sharing account details
Spoofing: Manipulative identity fraud
Non-Productive Mail: Unwanted but non-malicious emails
Darktrace/Email understands you to stop novel, targeted threats on first encounter.
By understanding every user’s activity across their inbox and email accounts, you can ask at every stage: “does this belong?”
Darktrace/Email: Email Security that Understands You
Top Concerns

Account Takeover

Account takeover occurs when cyber criminals take ownership of a user’s account using stolen credentials. The compromised account is then used for malicious purposes like data exfiltration, ransomware or outbound supply chain attacks.

Why this threat bypasses traditional defenses & tricks users
Delivery Tactics
Acquires stolen credentials through a phishing campaign or data leak
Social Engineering Tactics
Spoofs trusted vendors or legitimate websites to trick user into entering credentials or sensitive data
How Darktrace/Email neutralizes this threat:
Darktrace considers a user’s behavior in their inbox as well as their wider Microsoft or Google account activity, linking unusual logins with suspicious email activity that may point to an account takeover.

Business Email Compromise

BEC involves attackers gaining unauthorized access to a company's email account or impersonating a trusted individual for the purpose of carrying out fraudulent actions such as transferring money or obtaining sensitive information through social engineering tactics.

Why this threat bypasses traditional defenses & tricks users
Delivery Tactics
Leverages compromised accounts or sends messages without attachments
Social Engineering Tactics
Spoofing high-level executives or the CEO to make the email appear legitimate and urgent
How Darktrace/Email neutralizes this threat:
Darktrace/Email is not blinded by historically trusted senders, but rather analyzes each email individually within the context of the sender's normal activity and can spot signs of solicitation.

Human Error

Misdirected emails are the biggest cause of accidental data loss, which is increasingly a concern for businesses. While the cause is often basic human error, implications could include data leakages incurring GDPR or regulatory fines.

Why this threat bypasses traditional defenses & tricks users
Delivery Tactics
No malicious delivery tactics required as the email is often misdirected by human error
Social Engineering Tactics
Misdirected emails often accidentally go to a recipient who has been previously contacted, but may have a similar name to another, more frequent contact
How Darktrace/Email neutralizes this threat:
Darktrace/Email prevents accidental data loss by learning normal communication patterns for every user and intercepting with a warning before highly anomalous emails are sent.

Generative AI Attacks

A rising threat in the security scene, these attacks use generative AI tools to send highly sophisticated phishing emails. These targeted emails, assisted by AI, are more likely to evade legacy email security and fool employees.

Why this threat bypasses traditional defenses & tricks users
Delivery Tactics
Linguistic complexity; payloadless attacks
Social Engineering Tactics
More targeted with fewer grammar and spelling mistakes
How Darktrace/Email neutralizes this threat:
Darktrace analyzes every email in context of a user’s normal communication patterns, asking for every email "does this belong?", and neutralizing or removing the elements that don’t.

Ransomware and Malware

Ransomware and malware are types of malicious software that are often delivered through email, designed to infect a user's computer or network and either encrypt their data or steal sensitive information.

Why this threat bypasses traditional defenses & tricks users
Delivery Tactics
Can use polymorphic payloads which change based on the recipient's location or behavior, making it difficult to analyze signatures
Social Engineering Tactics
Uses persuasive language or creates a sense of urgency to entice the recipient into clicking on a link or opening an infected attachment
How Darktrace/Email neutralizes this threat:
Darktrace/Email stops malware and ransomware at the first hurdle by recognizing subtle signs of unusual activity in both the email and network environment.

Supply Chain Attack

A supply chain attack is where a hacker targets a company's third-party vendors, suppliers, or partners to gain unauthorized access to the company's systems or data. The attack can result in a vendor email compromise, where the hacker uses compromised email accounts for further assaults.

Why this threat bypasses traditional defenses & tricks users
Delivery Tactics
Leverages compromised accounts and is often payloadless
Social Engineering Tactics
Takes advantage of trusted relationships and on-going conversations
How Darktrace/Email neutralizes this threat:
Darktrace/Email understands the content and context of every interaction with external users. Deviations in language, structure and payloads would result in proportional actions taken to neutralize risk.

Vendor Email Compromise

Vendor Email Compromise occurs when a third party is compromised by cyber criminals who attempt to hijack the supply chain via a malicious phishing campaign. These attacks bypass email security rules as they stem from trusted accounts.

Why this threat bypasses traditional defenses & tricks users
Delivery Tactics
Compromises a legitimate account or uses a domain with a clean reputation
Social Engineering Tactics
Blends into normal communication style with subtle changes to trick recipient
How Darktrace/Email neutralizes this threat:
Darktrace learns what normal communication patterns look like for every user, in order to spot the subtle indicators of emails sent with malicious intent, no matter who has sent them.

Phishing

Attackers use fake, socially-engineered emails or messages to trick individuals into giving away sensitive information, such as login credentials or credit card details.

Why this threat bypasses traditional defenses & tricks users
Delivery Tactics
Attackers may use techniques such as code/URL obfuscation or encryption to create obstacles in detecting phishing emails
Social Engineering Tactics
Uses persuasive language or creates a sense of urgency to entice the recipient into clicking on a link/attachment or disclosing information
How Darktrace/Email neutralizes this threat:
Understands the intent of the sender by analyzing the language of every email, as well as spotting attempted deceit or solicitation in any embedded links or attachments.

Payment Fraud

Payment fraud or Invoice Fraud are types of email security attacks where attackers impersonate a legitimate vendor or supplier to trick victims into transferring money or making payments to fraudulent accounts.

Why this threat bypasses traditional defenses & tricks users
Delivery Tactics
Leverages legitimate payment services to avoid rule and signature reputation checks
Social Engineering Tactics
Attackers spoof high-level executives or the CEO and embed themselves in ongoing conversations with trusted senders
How Darktrace/Email neutralizes this threat:
Darktrace/Email recognizes spoofing and detects attempts at invoice fraud through language in the body of the email, and takes action to ensure the attack does not succeed.

Email Account Takeover

Email account takeover refers to the unauthorized access and control of an individual's email account by an attacker, who can use it for various malicious purposes.

Why this threat bypasses traditional defenses & tricks users
Delivery Tactics
Embeds links with new domains or never-before-seen attachments that redirect to a fake log-in page
Social Engineering Tactics
Redirects the recipient to a well-crafted fake log-in site
How Darktrace/Email neutralizes this threat:
Darktrace considers a user’s behavior in their inbox as well as their wider Microsoft or Google account activity, linking unusual logins with suspicious email activity that may point to an email account takeover.

VIP Impersonation

Social engineering attack where an attacker poses as a high-profile individual, such as a celebrity or a government official, in an attempt to trick the recipient into divulging sensitive information or taking a specific action.

Why this threat bypasses traditional defenses & tricks users
Delivery Tactics
Compromises a legitimate account or uses a domain with a clean reputation
Social Engineering Tactics
Attacker pretends to be a VIP of the target company to add credibility and leverage pretexting and spear-phishing
How Darktrace/Email neutralizes this threat:
Darktrace/Email recognizes visually similar email addresses to those in your organization, and spots patterns in the body of an email consistent with solicitation. It unspoofs the sender by revealing the true identity of the sender to avoid misinterpretation by the recipient.

Cloud Platform Abuse

Cloud Platform Abuse involves the leveraging of legitimate cloud infrastructure, including widely used services and file-sharing products, to bypass defenses and conceal malicious content.

Why this threat bypasses traditional defenses & tricks users
Delivery Tactics
Leverages clean reputation domains and links to known trusted sites
Social Engineering Tactics
Uses the service's legitimate text and format, and is therefore identical to non-malicious email from the service
How Darktrace/Email neutralizes this threat:
Darktrace/Email is not blinded by a historically trusted service but rather analyzes emails individually, judging each email within the context of the user's normal conversations and surfacing suspicious elements at every layer.

Graymail

Graymail refers to legitimate email messages that a user has opted into but no longer wants to receive, such as newsletters or marketing promotions. These emails are not malicious in nature but can still be a nuisance.

Why this threat bypasses traditional defenses & tricks users
Delivery Tactics
No malicious delivery tactics required as it is often requested by the user from legitimate sites/businesses
Social Engineering Tactics
Persuasive commercial tone looking to solicit purchase or further engagement with the service or company
How Darktrace/Email neutralizes this threat:
Darktrace/Email learns how each user interacts with their graymail and anticipates their action – such as moving to junk – to save employees' time.

Credential Phishing

Credential phishing attacks lure a user into giving their account details, typically by mimicking a legitimate service log-in page. These pages will often be delivered via a phishing campaign or disguised within a legitimate source.

Why this threat bypasses traditional defenses & tricks users
Delivery Tactics
Typically via an embedded link or attachment (or link in an attachment) that has a clean reputation
Social Engineering Tactics
Mimics a legitimate sign-in page and encourages a user to log in
How Darktrace/Email neutralizes this threat:
Understands the intent of the sender by analyzing the language used, as well as spotting attempts to solicit user information in any embedded links or attachments.

Spoofing

Spoofing is the act of falsifying the sender information to make an email appear as if it was sent from a trusted source, with the intention of deceiving the recipient into performing an action or divulging sensitive information.

Why this threat bypasses traditional defenses & tricks users
Delivery Tactics
Attackers can use mail header manipulation, domain and IP address spoofing, as well as compromised accounts
Social Engineering Tactics
Researching the impersonated victim to create pretext and relevant content for a convincing email
How Darktrace/Email neutralizes this threat:
Darktrace/Email recognizes visually similar email addresses to those in your organization, and spots patterns in the body of an email consistent with solicitation.

Non-Productive Mail

Non-productive mail is unsolicited or irrelevant email that can waste time and resources but is not necessarily malicious.

Why this threat bypasses traditional defenses & tricks users
Delivery Tactics
Often sent by legitimate businesses and doesn't contain malicious payloads
Social Engineering Tactics
Utilises persuasive language, urgency, and recognizable brand names to make non-productive emails more likely to be opened and read by recipients
How Darktrace/Email neutralizes this threat:
Darktrace/Email learns the preferred classification of each user's non-productive mail and sorts it into its appropriate place in the inbox.

Darktrace/Email Use Cases

Stop inbox threats of all types

Sample threat detections

Email Log

From: Audri Glacier <audri.glacier.myww@gmail.com>
Dear Mary Grace, your subscription invoice is due
To: mary.grace@holdingsinc.com
ransomware-malware; invoice-payment-fraud; spoofing; business-email-compromise; phishing
100
May 4, 2023

From: holdingsinc.com - NoReply <support@leticiaburdphd.com>
EMAIL WILL SHUT DOWN IN 24HRS
To: greg.gibson@holdingsinc.com
phishing; credential-phishing; spoofing; cloud-platform-abuse
100
April 26, 2023

From: B KEVIN SWANSON (via Dropbox) <no-reply@dropbox.com>
B KEVIN SWANSON shared "Important Document.pdf" with you
To: vicente.garcia@holdingsinc.com
cloud-platform-abuse; phishing; credential-phishing; spoofing
69
April 26, 2023

From: Fedex <support@lily.kendall.net>
Lily.Kendall your package is out for delivery
To: lily.kendall@holdingsinc.com
phishing; spoofing; cloud-platform-abuse; credential-phishing
100
April 26, 2023

From: UPS <win-winner@UPS.io>
UPS Shopper! We have a surprise for you STAY CALM...
To: sschwartz@holdingsinc.com
phishing; cloud-platform-abuse; credential-phishing; spoofing
100
April 26, 2023

From: American Express <antonion.gomez@logos4y.com>
Confirmation: Unrecognized Recent Transaction
To: kylie.stefan@holdingsinc.com
ransomware-malware; phishing; invoice-payment-fraud; business-email-compromise; spoofing
100
May 4, 2023

From: paynotice@deposit-jpmchase.com
Payment Issuance Notice
To: accounts@holdingsinc.com
ransomware-malware; invoice-payment-fraud; phishing; business-email-compromise; spoofing
96
April 26, 2023

From: Citi Paylink <paymentadvice@citi.com>
Payment Advice-BCS_ECS9522023032900460039_16922_953
To: sales@holdingsinc.com
ransomware-malware; vendor-email-compromise; spoofing; supply-chain-attack; email-account-takeover; business-email-compromise; invoice-payment-fraud
100
April 26, 2023

From: XEROX <spence@jayaaitsu.co.jp>
Incoming Wire $76,990*** for benjamin.jets@holdingsinc.com
To: benjamin.jets@holdingsinc.com
ransomware-malware; phishing; spoofing
100
April 26, 2023

From: VDC Legal <VDC_LAWYER@nobiases.com>
LEGAL ACTION / LONG OVERDUE NOTICE
To: sales@holdingsinc.com
ransomware-malware; invoice-payment-fraud; business-email-compromise; phishing; spoofing
100
April 26, 2023

From: Daisy Weatherd <777boss@gmail.com>
Update my Bank Information
To: armaan.amistad@holdingsinc.com
vip-impersonation; business-email-compromise; spoofing
100
May 4, 2023

From: Salma Maplewood <slkxcj.e@noticiasdelaregion.com>
Re: Re: Holdings Inc & International Specialty Hospital - Technical Call
To: ryan.dobbs@holdings.com
vip-impersonation; spoofing; ransomware-malware; phishing
100
May 4, 2023

From: Cleo Ristpect <fran@hamburguesarica.es>
Product details and price list.
To: bob.mockee@holdingsinc.com
phishing; graymail; non-productive-mail
100
April 19, 2023

From: Derek Johnson <d.johnson247365@gmail.com>
DD
To: rosalina.lola@holdingsinc.com
phishing
63
May 4, 2023

From: Annalise CLOVER <annalise.clover@techresearch.fr>
Annalise CLOVER shared a file with you
To: antonio.rich@holdingsinc.com
email-account-takeover; cloud-platform-abuse; vendor-email-compromise; credential-phishing; phishing; supply-chain-attack; business-email-compromise
100
April 26, 2023

From: Avinash Ahuja <aahuja@taxservicesllc.ca>
FW: Invoice paid ! see attached receipt is !
To: erica.kyle@holdingsinc.com
email-account-takeover; ransomware-malware; spoofing; phishing; supply-chain-attack; vendor-email-compromise; spoofing; business-email-compromise
100
May 4, 2023

From: ***IT-Support*** <support@2314647839845.com>
fwd: (Confidential Password: Expiration Notice for - jov.hayley@holdingsinc.com
To: jov.hayley@holdingsinc.com
phishing; credential-phishing; spoofing
100
May 4, 2023

From: Roxanna Lee Loney <latxs@clickquick.ae>
Re: Urgent request for payment
To: lola.persisto@holdingsinc.com
vip-impersonation; spoofing; ransomware-malware; business-email-compromise; invoice-payment-fraud
100
May 4, 2023

From: Mario Rivarizzio <officeweb247365247@gmail.com>
Available??
To: joanna.clifton@holdingsinc.com
vip-impersonation; spoofing; business-email-compromise; phishing
100
April 26, 2023

From: SHARE-POINT <gmauricio@turismomundial.com>
New project quotation request from (TOURISM COMPANY)
To: media@holdingsinc.com
cloud-platform-abuse; spoofing; phishing; credential-phishing
83
May 4, 2023

Threat Explanation

Main Action
By understanding you, Darktrace has determined:
Solicitation
Low Mailing History
No Association
Unknown Correspondent
Freemail
Hold Message
Lock Link
Double Lock Link
Convert Attachment
Strip Attachment
Move to Junk
Add a Banner
Unspoof
Darktrace/Email's Explainable AI

There were text patterns in the email which suggest an attempt to solicit the user into responding directly to the email. A high inducement score was assigned based on these patterns.

The sender of this email has no prior association on the network.

HISTORY: Users, Days
ASSOCIATION: 0 Users, 0 Days
VALIDATION: SPF, DKIM, DMARC
Main Action
By understanding you, Darktrace has determined:
Spam
Low Mailing History
No Association
Unknown Correspondent
Darktrace/Email's Explainable AI

The sender fran@hamburguesarica.es has included a reply-to address cleo.rispect@hotmail.com which is different to their own. This is a freemail address with no prior association on the network. This may be an attempt to redirect replies to a covert inbox.

The text in this email was assigned a very high inducement score in the Spam category. The recipient is likely being asked to buy a product or service which they do not want.

HISTORY: 0 Users, 0 Days
ASSOCIATION: 0 Users, 0 Days
VALIDATION: SPF, DKIM, DMARC
Main Action
By understanding you, Darktrace has determined:
Multistage Payload
Phishing Attachment
Phishing Link
User Impersonation
Low Mailing History
Darktrace/Email's Explainable AI

The sender appears to be impersonating an internal user, Salma Maplewood

The email has an attachment containing a highly suspicious link to a host zeducational.co.in. The host has a 100% rarity score based on references in internal traffic.

The email contains an attachment which the system considers to be unexpected and potentially harmful, AZ.pdf.

HISTORY: 0 Users, 0 Days
ASSOCIATION: 0 Users, 0 Days
VALIDATION: SPF, DKIM, DMARC
Main Action
By understanding you, Darktrace has determined:
Solicitation
VIP Impersonation
Low Mailing History
No Association
Spoofing Indicators
Darktrace/Email's Explainable AI

The sender appears to be impersonating a high value internal user, daisy weathered (head of accounts)

There were text patterns in the email which suggest an attempt to solicit the user into responding directly to the email. A high inducement score was assigned based on these patterns.

HISTORY: 0 Users, 0 Days
ASSOCIATION: 0 Users, 0 Days
VALIDATION: SPF, DKIM, DMARC
Main Action
By understanding you, Darktrace has determined:
Malware or Ransomware
Low Mailing History
No Association
Unknown Correspondent
Darktrace/Email's Explainable AI

There is a suspicious mismatch between the display name of this sender VDC Legal and their address <VDC_LAWYER@nobiases.com>

The email contains an attachment which the system considers to be highly unexpected, DETAILS AND INVOICES.IMG. The file contains compressed content which could potentially initiate harmful processes when unpacked on the user's device.

HISTORY: 2 Users, 1 Days
ASSOCIATION: 0 Users, 0 Days
VALIDATION: SPF, DKIM, DMARC
Main Action
By understanding you, Darktrace has determined:
Fake Account Alert
Malware or Ransomware
Multistage Payload
Phishing Link
Low Mailing History
Darktrace/Email's Explainable AI

The sender appears to be impersonating an internal service by referencing the company domain in the subject line. This tactic allows attacks to avoid any validation checks which apply to this domain.

The email has an attachment containing a highly suspicious link to a host www.ding0izmibby[.]xyz. The host has a 100% rarity score based on references in internal traffic.

The email contains an attachment which the system considers to be highly unexpected, .HTM.. It contains javascript code which is used by attackers to enable dynamic webpage features not available in email clients.

HISTORY: 0 Users, 0 Days
ASSOCIATION: 0 Users, 0 Days
VALIDATION: SPF, DKIM, DMARC
Main Action
By understanding you, Darktrace has determined:
Forged Address
Malware or Ransomware
Low Mailing History
Spoofing Indicators
Unknown Correspondent
Darktrace/Email's Explainable AI

The email is claiming to be from a popular domain citi.com but was sent from an anomalous source which could not be validated. Its true origin is the IP address 185.225.74.60 located in US. Emails from citi.com are not usually sent from the IP space 211252.

The email contains an attachment which the system considers to be highly unexpected, Payment Advice-BCS_ECS9522023032900460039_16922_952.tar.gz. The file contains compressed content which could potentially initiate harmful processes when unpacked on the user's device.

HISTORY: 2 Users, 1 Days
ASSOCIATION: 0 Users, 0 Days
VALIDATION: SPF, DKIM, DMARC
Main Action
By understanding you, Darktrace has determined:
Malware or Ransomware
Malware or Ransomware
Malware or Ransomware
Low Mailing History
Low Mailing History
Low Mailing History
No Association
No Association
No Association
Corresponsal desconocido
Corresponsal desconocido
Corresponsal desconocido
Spoofing Indicators
Spoofing Indicators
Spoofing Indicators
Hold Message
Lock Link
Double Lock Link
Convert Attachment
Strip Attachment
Move to Junk
Add a Banner
Unspoof
Darktrace/Email's Explainable AI
PREVIEW EMAIL

The email contains an attachment which the system considers to be highly unexpected. 🔒Direct Deposit_JPMorgan.html. It contains javascript code which is used by attackers to enable dynamic webpage features not available in email clients.

The sender of this email has no prior association on the network.

History: 0 users, 0 days
Association: 0 users, 0 days

By understanding you, Darktrace has determined: Brand Impersonation, Malware or Ransomware, Low Mailing History, No Association, Unknown Correspondent

The sender is impersonating the popular web service american express in their display name. This tactic allows attackers to adopt the identity of a chosen domain while avoiding any validation checks which apply to that domain.

The email contains an attachment which the system considers to be highly unexpected, tracking. The file type text/html is one that may open by default in a web browser and bypass email client protections.

History: 3 users, 0 days
Association: 0 users, 0 days

By understanding you, Darktrace has determined: Brand Impersonation, Multistage Payload, Phishing Link, Low Mailing History, No Association

The sender is impersonating a popular web service in their display name, ups. This tactic allows attackers to adopt the identity of a chosen domain while avoiding any validation checks which apply to that domain.

The email contains a highly suspicious link to a file storage host firebasestorage.googleapis[.]com. These can be used to host malicious content on websites that appear reputable. The link was hidden from the user and masked by text reading here.

History: 0 users, 0 days
Association: 0 users, 0 days

By understanding you, Darktrace has determined: Brand Impersonation, Phishing Link, No Association, Unknown Correspondent, Moderate Mailing History

There is a lazy attempt to personalize this email by adding part of the recipient's address Lily.Kendall into the subject line.

The email contains a highly suspicious link to a file storage host storage.googleapis[.]com. These can be used to host malicious content on websites that appear reputable. The link was hidden from the user and masked by text reading Schedule your delivery. An inducement score of 63% suggests the sender is trying to induce the user into clicking.

History: 1 user, 2 days
Association: 0 users, 0 days

By understanding you, Darktrace has determined: Brand Impersonation, Credential Harvesting, Low Mailing History, No Association, Spoofing Indicators

The sender is impersonating the popular web service sharepoint in their display name. This tactic allows attackers to adopt the identity of a chosen domain while avoiding any validation checks which apply to that domain.

The email contains a highly suspicious link to a file storage host bafybeiaylac7v34xccdujkx5l4ulnwfgq7nbwxux2ntsxz2hemzo75ox3y.ipfs.dweb[.]link. These can be used to host malicious content on websites that appear reputable. The host has a 100% rarity score based on references in internal traffic.

The link was hidden from the user and masked by text reading View Document. An inducement score of 70% suggests the sender is trying to induce the user into clicking.

History: 2 users, 1 day
Association: 0 users, 0 days

By understanding you, Darktrace has determined: Cloud Platform Abuse, High Mailing History, Mailer, Notification

The sender no-reply@dropbox.com has included a reply to address bks@balema-inc.com which is different to their own. The domain in this address balema-inc.com has no prior association on the network. This may be an attempt to redirect replies to a covert inbox.

The text in this email was assigned a very high inducement score. The text is similar to Phishing emails seen previously.

History: 19 users, 419 days
Association: 0 users, 0 days

By understanding you, Darktrace has determined: Credential Harvesting, Fake Account Alert, Low Mailing History, No Association, Spoofing Indicators

The sender appears to be impersonating an internal service by referencing the company domain in the subject line. This tactic allows attacks to avoid any validation checks which apply to this domain.

The email contains a highly suspicious link to a host https://www.youtube.com/attribution_link?u=http://6dg924.xyz which the system believes will redirect the user to a different destination upon clicking. The link was hidden from the user and masked by text reading Keep My Same Password.

The domain 2314647839845.com was registered only 1 day ago.

History: 0 users, 0 days
Association: 0 users, 0 days

By understanding you, Darktrace has determined: Credential Harvesting, Security Team Impersonation, Non-Productive Email, Spoofing Indicators, New Contact

The sender is impersonating an internal service by referencing the domain holdingsinc.com in their display name. This tactic allows attacks to avoid any validation checks which apply to this domain.

The email contains a highly suspicious link to a file storage host fislkdjklscnjkx7sldjfksdnmk45jljkdjflksdj35ljdks|873dcljxss.ipfs.cf-ipfs[.]com. These can be used to host malicious content on websites that appear reputable. The host has a 100% rarity score based on references in internal traffic. The link was hidden from the user and masked by text reading UPGRADE NOW. An inducement score of 70% suggests the sender is trying to induce the user into clicking.

History: 1 user, 0 days
Association: 0 users, 0 days

By understanding you, Darktrace has determined: Payment Scare, Malware or Ransomware, Spam, No Association, Non-Productive Email

The email contains an attachment which the system considers to be unexpected and potentially harmful, 57A89E18C76C.pdf.

History: 0 users, 0 days
Association: 0 users, 0 days

By understanding you, Darktrace has determined: Malware or Ransomware, Solicitation, VIP Impersonation, Non-Productive Email, Spoofing Indicators

The sender appears to be impersonating a high value internal user, roxanna lee loney, (Finance Director).

The email contains an attachment which the system considers to be highly unexpected, Excepturi.html. It contains JavaScript code which is used by attackers to enable dynamic webpage features not available in email clients.

Text analysis of the email suggests there may be an attempt to solicit the user into responding via a telephone call.

History: 0 users, 0 days
Association: 0 users, 0 days

By understanding you, Darktrace has determined: Solicitation, VIP Impersonation, Non-Productive Email, Spoofing Indicators, Freemail