Detections
- Home
- - Detections
- -DT041
- ID: DT041
- Created: 01st June 2024
- Updated: 01st June 2024
- Contributor: The ITM Team
Email Gateway
Email gateway solutions offer the ability to trace inbound and outbound emails to an organization. This can be used to retrieve information such as emails sent or received, the subject line, content, attachments, timestamps, and recipients.
Sections
ID | Name | Description |
---|---|---|
IF010 | Exfiltration via Email | A subject uses electronic mail to exfiltrate data. |
PR022 | Social Engineering (Outbound) | A subject deceptively manipulates and/or persuades others in order to gain access to devices, systems or services that hold sensitive information, or to otherwise cause harm or undermine a target organization. |
IF010.001 | Exfiltration via Corporate Email | A subject exfiltrates information using their corporate-issued mailbox, either via software or webmail. They will access the conversation at a later date to retrieve information on a different system. |
IF010.002 | Exfiltration via Personal Email | A subject exfiltrates information using a mailbox they own or have access to, either via software or webmail. They will access the conversation at a later date to retrieve information on a different system. |
PR015.003 | Email Forwarding Rule | The subject creates an email forwarding rule to transport any incoming emails from one mailbox to another. |
MT012.002 | Extortion | A third party uses threats or intimidation to demand that a subject divulge information, grant access to devices or systems, or otherwise cause harm or undermine a target organization. |
MT012.001 | Social Engineering (Inbound) | A third party deceptively manipulates and/or persuades a subject to divulge information, or gain access to devices or systems, or to otherwise cause harm or undermine a target organization. |
IF011.001 | Intentionally Weakening Network Security Controls For a Third Party | The subject intentionally weakens or bypasses network security controls for a third party, such as providing credentials or disabling security controls. |