Mimecast Alert: phishing email detected

This rule is part of a beta feature. To learn more, contact Support.

Set up the mimecast integration.

이 페이지는 아직 한국어로 제공되지 않으며 번역 작업 중입니다. 번역에 관한 질문이나 의견이 있으시면 언제든지 저희에게 연락해 주십시오.

Goal

Detect when Mimecast identifies a phishing email.

Strategy

Targeted Threat Protection - Impersonation Protect tackles the increasing threat of socially engineered “whaling” attacks. This rule can used to detect an email which contains impersonation attempts that have been flagged as external and malicious with definition as phishing.

For more details: Click here

Triage and response

  1. Investigate the suspected phishing email, including sender information, email content, and any attachments.
  2. Verify whether sensitive information has been compromised and assess the impact.
  3. Apply appropriate remediation steps according to the company’s incident response policy, which may include:
    • Marking the email as phishing and reporting it to your security team.
    • Investgate sender: {{@senderAddress}} or blocking the sender’s email address.
    • Notifying potentially affected users and providing guidance on next steps.
    • Updating email filters and security measures to prevent similar attacks.