Learn about the threat types, security risks, and detection signals in Correlated Intelligence.
Threat Types
The following table lists the threat types that Correlated Intelligence can
detect.
|
Threat Type
|
Description
|
|
Phishing - Advanced Phishing
|
A type of phishing that uses more sophisticated techniques to
evade detection systems. For example, advanced phishing uses
anti-bot mechanisms to prevent security solutions from accessing
the email content for analysis, or it can redirect to a
legitimate web page instead showing a phishing website to
security solutions.
|
|
Phishing - Data Exfiltration
|
A type of phishing that uses various techniques to steal users'
data, such as credentials. For example, it might leverage
existing form services to show a fake login page to users.
|
|
Suspicious Email
|
Email with unusual traits that appear suspicious and may signal
potential threats.
|
|
Possibly Unwanted Email
|
Email that may be unsolicited and deemed undesirable or
unnecessary by the recipient.
|
Security Risks
The following table lists the security risks that Correlated Intelligence can
detect.
|
Security Risk
|
Threat Type
|
Description
|
| Phishing Email with Anti-bot Mechanisms |
Phishing - Advanced Phishing
|
The email shows anti-bot behavior, such as using CAPTCHA,
returning blank pages, or restricting access to specific
regions.
|
|
Adversary-in-The-Middle (AiTM) Phishing for Session Cookie
Theft
|
The email uses AiTM techniques to steal session cookies to bypass
MFA and gain access even without credentials.
|
|
|
Quishing Email
|
The email contains a QR code that stores a phishing URL which
directs users to a malicious website.
|
|
|
Phishing Intention and Detection Evasion
|
The email asks you to perform credentials related actions and
contains URLs that use techniques like anti-bot mechanisms and
CAPTCHA to evade detection.
|
|
|
Quishing Email with Anti-bot Behavior
|
This is a quishing email that leverages advanced techniques to
evade detection, such as by directing users to a file stored in
a legitimate file sharing service that contains the actual
phishing link.
|
|
|
Phishing Attachment for Credential Theft
|
Phishing - Data Exfiltration
|
The email attempts to steal the user’s credentials by using an
email attachment (such as HTML or PDF file) with phishing
links.
|
Anomalies
The following table lists the anomalies that Correlated Intelligence can detect.
|
Security Risk
|
Threat Type
|
Description
|
| Possible Quishing Email |
Suspicious Email
|
The email contains a QR code that stores a URL. Moreover, the
email is from a low-activity sender or the URL shows anti-bot
behavior.
|
|
Unusual DocuSign Email
|
The email claims to come from Docusign, but is from a
low-activity sender or contains a URL that shows anti-bot
behavior.
|
|
|
Possible Phishing Intention and Detection Evasion
|
The email appears to prompt you to perform credential related
actions and contains URLs that likely use techniques like
anti-bot mechanisms and CAPTCHA to evade detection.
|
|
|
Email with Possible Invisible Prompts
|
The email likely contains invisible prompts which may be an
attempt from the sender to exploit the recipient’s AI tools.
|
|
|
Possibly Unwanted Marketing Email
|
Possibly Unwanted Email
|
The email shows one or more traits that are typical of
unsolicited marketing messages.
|
|
Possibly Unwanted Webinar Email
|
The email shows one or more traits that are typical of
unsolicited Webinar messages.
|
|
|
Possibly Unwanted Notification
|
The email is a cloud app notification that might be
undesirable.
|
Detection Signals
The following tables shows the signals that Correlated Intelligence correlates to
identify security risks and anomalies.
|
Detection Signal
|
Description
|
|
Possible Brand Impersonation
|
The email claims to come from a brand but does not align with the
normal patterns of this brand.
|
|
Newly Observed Sender
|
The sender has not sent any email in the observable past,
potentially being exploited for malicious purposes.
|
|
Account Request in Attachment
|
The email asks you to reset passwords, re-activate accounts, or
perform other credential related operations in its attachment,
possibly indicating phishing intentions.
|
|
HTML Obfuscation
|
The HTML attachment uses advanced obfuscation methods to encode
all of its content, possibly to evade analysis by detection
systems.
|
|
Form Service Abuse in Attachment
|
The email uses a popular form service in its attachment,
potentially exploiting the service to trick users into revealing
their personal information.
|
|
CAPTCHA Challenge by Suspicious Website
|
The website is rarely seen or flagged for suspicious activities
and is using CAPTCHA verification, potentially tricking users
into trusting the website and preventing detection systems from
analyzing it.
|
|
Possibly Suspicious Domain
|
This is a low-activity domain, which is either newly observed or
have been created long ago. This type of domains is frequently
exploited by malicious websites.
|
|
Encoded Email Address in URL
|
The email contains a URL with encoded email address, which is
often exploited to make the website appear trustworthy by
autofilling the credentials and showing a seemingly authentic
login page.
|
|
QR Code for URL
|
The QR code in the email stores a URL.
|
|
Phishing URL in QR Code
|
The URL stored in the email is a phishing link that directs users
to a malicious website.
|
|
Email with Docusign Traits
|
The email contains traits typical of Docusign. It might come from
Docusign or a malicious actor impersonating Docusign.
|
|
File Sharing Service Abuse
|
The email uses a file sharing service frequently abused by
malicious actors, possibly exploiting this service to trick
users into downloading suspicious files.
|
|
Marketing Email Traits
|
The email shows one or more traits that are typical of
unsolicited marketing messages.
|
|
Webinar Email Traits
|
The email shows one or more traits that are typical of
unsolicited Webinar messages.
|
|
Cloud App Notification
|
The email is a cloud app notification that might be
undesirable.
|
|
Credential Verification Request
|
The email contains requests for recipients to log in or change
password.
|
|
Purchase or Shipment Notification
|
The email is a notification about a purchase or shipment.
|
|
Urgent Request
|
The email shows a sense of urgency by requesting the recipient to
take immediate action.
|
|
Account or Service Error
|
The email informs the recipient that something is wrong with
their account or service.
|
|
Request to Access External Resource
|
The email asks the recipient to access an external resource, such
as a website or an online document.
|
|
Email with Possible Invisible Prompts
|
The email likely contains invisible prompts which may be an
attempt from the sender to exploit the recipient’s AI tools.
|