Mimecast Alert: user responded to impersonation message
Set up the mimecast integration.
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、
お気軽にご連絡ください。
To identify and alert on emails that contain user responses to impersonation messages, indicating a successful impersonation attempt.
This rule detects an email which contains impersonation attempts that have been flagged as external and malicious but have not been blocked or taken any action upon.
- Verify the nature of the user’s response to the impersonation email and assess the potential impact.
- Examine the sender’s details using
{{@senderIPAddress}} to determine the source and legitimacy. - Execute the company’s incident response protocol, which may include:
- Alerting the affected user and providing education on recognizing impersonation attempts.
- Revoking any credentials or access provided in response to the phishing email.
- Strengthening email security measures to prevent similar incidents.
