Use Case: Malware - Link

See how Abnormal detects and blocks malware links before your employees can click on them.

Watch the video to see how Abnormal automatically detects malicious links sent via email.

Video Transcript

Let's take a look at how Abnormal is able to detect link-based malware attacks.

In this example, we see an email that appears to be coming from DocuSign Service. However, this email is coming from a user account@horizonmanagement[.]com—very likely a compromised account that a threat actor is leveraging in an attempt to bypass sender authentication checks from traditional secure email gateways.

Within the body of the email, we do see an invoice and a link that goes out to it, and I can click this to get a quick preview. In this case, the threat actor is using Google Docs to bypass any sort of threat intelligence or sandboxing checks that would take place on this.

And within the actual body of this Google document, we see an invoice that's able to be clicked as well as DocuSign logos. Of course, this was just generated by the threat actor. This is not a real DocuSign service, and this link could do a multitude of different things when the user clicked on it. It could take them out to a credential phishing website, or in this case, it would actually initiate a drive-by download of a file that would automatically run.

How is Abnormal able to uniquely detect this attack?

First of all, we see an unusual sender. This sender name matches a known brand of DocuSign, but we don't typically see emails from DocuSign coming from this email address. Within the body of the email, we're seeing file sharing links, which are commonly associated with these malicious payloads. We do see some personal information theft or language around it. And lastly, we see this suspicious financial request. Again, with the language of this email, looking at the text analysis, we see some language around finances and password-related information here.

So Abnormal was able to accurately detect this email as malware. Based on all this attack analysis that we did here, this would've been automatically remediated and never accessible to the end user.
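The signals named in the transcript (a brand display name on an unexpected sender domain, file-sharing links, and finance or password language) can be sketched as simple header and body checks. This is an added example, not Abnormal's implementation; the brand domain list, file-sharing host list, keyword list and the sample message are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed allow-list of domains each brand normally sends from (illustrative).
BRAND_DOMAINS = {"docusign": {"docusign.com", "docusign.net"}}
# Assumed file-sharing hosts; extend from your own mail telemetry.
FILE_SHARE_HOSTS = {"docs.google.com", "drive.google.com"}
FINANCE_TERMS = re.compile(r"\b(invoice|payment|password|wire)\b", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"']+")

def domain_matches(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def text_body(msg):
    """Concatenate all text parts (handles single-part and multipart)."""
    return "\n".join(p.get_payload() for p in msg.walk()
                     if not p.is_multipart() and p.get_content_maintype() == "text")

def score_message(raw):
    """Return the list of signals that fire for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = text_body(msg)
    signals = []
    # Display name claims a brand, but the address is not on that brand's domains.
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in name.lower() and not domain_matches(domain, allowed):
            signals.append("brand_display_name_mismatch")
    # Link points at a file-sharing service rather than the brand itself.
    hosts = {(urlparse(u).hostname or "").lower() for u in URL_RE.findall(body)}
    if hosts & FILE_SHARE_HOSTS:
        signals.append("file_sharing_link")
    if FINANCE_TERMS.search(body):
        signals.append("financial_or_credential_language")
    return signals

# Constructed sample message; addresses and document ID are placeholders.
SAMPLE = (
    'From: "DocuSign Service" <account@sender.example>\n'
    "To: user@recipient.example\n"
    "Subject: Invoice ready for signature\n"
    "\n"
    "Your invoice is ready. Review it here:\n"
    "https://docs.google.com/document/d/EXAMPLE-ID/edit\n"
)

if __name__ == "__main__":
    print(score_message(SAMPLE))
```

No single signal is conclusive on its own; legitimate mail regularly contains file-sharing links or invoices, so a check like this is useful only when the signals are combined and weighed against the sender's history.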
