Darktrace/Email use cases

A favorite target

Attempts to exploit vulnerabilities in the inbox are growing more sophisticated and effective. Learn how Darktrace/Email can protect your users from targeted threats.

Phishing

Phishing attacks - which lure users into giving away their credentials - are getting more sophisticated as attackers adopt automation tools to launch targeted attacks at scale.

Darktrace/Email spots the subtle signs of a sophisticated email threat and takes action to neutralize it.

Sample analysis of Darktrace/Email
Every email is different, there’s no one size fits all, but here’s how an Account Takeover might look in Darktrace/Email
Often seen with:

Account Takeover

A threat actor can get hold of your employees' credentials through a phishing attack, a data leak, or by purchasing them on the Dark Web.

Once inside an account, they have access to everything that user has access to, and can use the trusted contact as a springboard to launch a further assault.

Because it learns how each of your users normally behave, Darktrace can piece together multiple signs of an account takeover and put an end to the compromise.

Sample analysis of Darktrace/Email
Every email is different, there’s no one size fits all, but here’s how an Account Takeover might look in Darktrace/Email
Often seen with:

Complete Microsoft Protection

Darktrace and Microsoft have partnered to offer organizations complete cyber stability in email and beyond.

Darktrace/Email complements Microsoft Defender for Office 365 with Self-Learning AI that learns you, and recognizes when an email doesn't belong.

Supply Chain Attack/Vendor Email Compromise


Email is the number one way companies communicate with one another, and a compromised partner or supplier poses a serious risk.

Attackers will hijack trusted domains in order to bypass security rules and policies. By analysing on an account by account, email by email basis, rather than relying on domain reputation, Darktrace/Email can effectively mitigate supply chain email risk.

Sample analysis of Darktrace/Email
Every email is different, there’s no one size fits all, but here’s how an Supply Chain Attack might look in Darktrace/Email
Often seen with:

Data Loss


Darktrace/Email has complete visibility over inbound and outbound mail flow.

It gives you oversight of potential data loss incidents that may result from account takeover or insider threat, and highlights users who are displaying unusual behavior through multiple data loss incidents.

Sample analysis of Darktrace/Email
Darktrace has a tag specifically designed for incidents of data loss, which fires according to outbound file size and other characteristics around an email.
Think we have to do this one differently as there's only really one tag.
BLOG

Data exfiltration in Latin America

BLOG

Double extortion ransomware

CEO Fraud


CEO fraud occurs when an attacker uses the authority of a CEO to solicit sensitive information or a fraudulent wire transfer.

Darktrace/Email looks specifically for spoofing attempts in which emails are sent from lookalike email addresses, and recognizes attempts at solicitation from the language in the body of an email. It then blocks the threatening component of an email or holds it back entirely.

Sample analysis of Darktrace/Email
Every email is different, there’s no one size fits all, but here’s how CEO fraud might look in Darktrace/Email
Often seen with:

Invoice Fraud


Invoice fraud may involve a threat actor impersonating a supplier and informing your company that their payment details have changed.

Darktrace/Email recognizes spoof attempts and detects attempts at invoice fraud through language in the body of the email, and takes action to ensure the attack does not succeed.

Sample analysis of Darktrace/Email
Every email is different, there’s no one size fits all, but here’s how Invoice Fraud might look in Darktrace/Email
Often seen with:

Social Engineering


Social engineering involves psychologically manipulating a recipient to take an action they otherwise would not, often through involking emotions such as Fear, Uncertainty, or Doubt (FUD).

Darktrace/Email recognizes patterns in the communication which indicate social engineering for malicious purposes, and holds the email back.

Sample analysis of Darktrace/Email
Every email is different, there’s no one size fits all, but here’s how social engineering might look in Darktrace/Email
Often seen with:

Extortion


An attacker may claim to have compromising information or material in order to extort
crypto-currency payments from employees.

These are usually empty threats, but that doesn't stop them from succeeding. Darktrace/Email recognizes attempts at extortion from the language in the body of the email, and holds the email back from delivery.

Sample analysis of Darktrace/Email
Every email is different, there’s no one size fits all, but here’s how an Account Takeover might look in Darktrace/Email
Often seen with:

Ransomware & Malware


Email serves as the most direct route for attackers to drop malware into an organization. Whilst in theory, email gateways and malware scanners should stop these attacks, in practice these tools are trained to spot known threats, and attackers are constantly innovating.

Darktrace/Email stops malware and ransomware at the first hurdle by recognizing subtle signs of unusual activity that points to this kind of attack. It then takes action to remove just the threatening component of the email.

Sample analysis of Darktrace/Email
Every email is different, there’s no one size fits all, but here’s how an email malware attack might look in Darktrace/Email
Get rid of these or replace with actions:

Impersonation & Spoofing


An attacker might try and impersonate your CEO, your accounts team, or your HR department, in order to extract valuable information or solicit a fraudulent payment.

Darktrace/Email recognizes visually similar email addresses to those in your organization, and spots patterns in the body of an email consistent with solicitation. It takes action to hold these spoofing attempts back from the inbox.

Sample analysis of Darktrace/Email
Every email is different, there’s no one size fits all, but here’s how an Account Takeover might look in Darktrace/Email
Often seen with: