Abnormal detects various malicious signals and generates dynamic and unique insights based on the content, sender, and recipient behavior of each email and their unique context. Signals and explanations are broken down into the following categories:
Suspicious Link(s)
The email content is unusual due to one of the following:
Link(s) Detected in Attachment
The email attachment contains a URL link to an external website that may be malicious.
Redirect Link(s) Detected
The original link in the email appears to redirect to alternative links that may be malicious.
Link(s) Detected in Cloud-sharing Document
The link appears to be a cloud-sharing document that contains embedded links to external sites.
Unusual Sender
The email exhibits suspicious sending behavior:
Unusual IP Geolocation
The email’s IP address indicates a combination of:
Potential Spoof
Email authentication (DMARC, DKIM, SPF) fails even though the email is sent from a legitimate company domain. The email account is potentially spoofed.
Invisible Character(s) Found in Email
The email body contains invisible Unicode characters, a common pattern that we have observed in email attacks.
Abnormal Recipient Pattern
All email recipients were BCC’d, a common pattern when attackers send similar attacks to many recipients.
Suspicious Attachment
The attachment’s extension type is suspicious and potentially contains malware.
Unusual Sender Domain
The email’s sender domain is suspicious:
Unusual Reply To
The Reply-to address exhibits a suspicious pattern:
Potential Gift Card Fraud
The email subject/body contains language commonly found in Gift Card Fraud attacks.
Potential Payroll Fraud
The email subject/body contains language commonly found in email Payroll Fraud attacks.
Suspicious Fax or Voicemail notification
The message resembles an automated system notification, such as a fax or voicemail notification, with malicious content, a common method of email attack.
Bitcoin Topics
The email may be a bitcoin extortion attack, as the message body contains the bitcoin phrases commonly found in bitcoin extortion attacks.
No, individual signals are not typically deterministic. Threats such as credential phishing or account takeovers are typically accompanied by numerous malicious and abnormal actions outlined above. Abnormal accounts for thousands of signals in its models before determining whether the message is safe or malicious.
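As an added illustration (not Abnormal's code or models), the sketch below collects three of the signals named above from one raw message and returns them as a set rather than a verdict, since no single signal is conclusive. The function name, the invisible-character set, and the sample message are assumptions constructed for this example.

```python
import re
from email import message_from_bytes, policy
from email.utils import getaddresses

# Invisible code points checked here: an assumed, non-exhaustive set.
INVISIBLE = {"\u200b", "\u200c", "\u200d", "\u2060", "\ufeff", "\u00ad"}

# Constructed sample message (not real traffic).
SAMPLE = (
    "From: Payroll <payroll@example.com>\n"
    "To: undisclosed-recipients:;\n"
    "Subject: Updated form\n"
    "Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=example.com;"
    " dkim=none; dmarc=fail header.from=example.com\n"
    "Content-Type: text/plain; charset=utf-8\n"
    "Content-Transfer-Encoding: 8bit\n"
    "\n"
    "Please re\u200bview the attached form.\n"
).encode("utf-8")


def extract_signals(raw: bytes) -> set:
    """Return the page's signal names observed in one raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    signals = set()

    # Potential Spoof: the receiving server recorded an SPF, DKIM or DMARC failure.
    # Whether the From domain is a legitimate company domain is not checked here.
    auth = " ".join(str(h) for h in msg.get_all("Authentication-Results", []))
    if any(r == "fail" for _, r in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth.lower())):
        signals.add("Potential Spoof")

    # Abnormal Recipient Pattern: no visible To/Cc address, so all recipients were BCC'd.
    visible = getaddresses([str(h) for h in msg.get_all("To", []) + msg.get_all("Cc", [])])
    if not any("@" in addr for _, addr in visible):
        signals.add("Abnormal Recipient Pattern")

    # Invisible Character(s) Found in Email: scan the decoded text body.
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part is not None else ""
    if any(ch in INVISIBLE for ch in body):
        signals.add("Invisible Character(s) Found in Email")

    return signals


if __name__ == "__main__":
    print(sorted(extract_signals(SAMPLE)))
```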
© 2020 Abnormal Security Corporation.
All rights reserved.