Job Scam (first-time sender)

Detects job scam attempts by analyzing the email body text from a first-time sender.

Sublime rule

name: "Job Scam (first-time sender)"
description: |
    Detects job scam attempts by analyzing the email body text from a first-time sender.
type: "rule"
severity: "low"
source: |
  type.inbound
  and any(ml.nlu_classifier(body.current_thread.text).intents,
          .name in ("job_scam")
          and .confidence == "high"
          and any(ml.nlu_classifier(body.current_thread.text).entities, .name == "financial")
  )
  and (
    (
      sender.email.domain.root_domain in $free_email_providers
      and sender.email.email not in $sender_emails
    )
    or (
      sender.email.domain.root_domain not in $free_email_providers
      and sender.email.domain.domain not in $sender_domains
    )
  )
attack_types:
  - "BEC/Fraud"
tactics_and_techniques:
  - "Social engineering"
detection_methods:
  - "Content analysis"
  - "Header analysis"
  - "Natural Language Understanding"
  - "Sender analysis"
id: "a37dc32d-33a4-5097-a585-ff6c345d0ecc"
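The rule has two halves: a content verdict (a high-confidence job_scam intent plus a financial entity from the NLU classifier) and a first-time-sender test whose list lookup depends on the sender's domain. The Python below is an added worked example, not Sublime's code, that re-expresses that decision logic so both halves can be exercised on constructed input. The classifier output is supplied as data rather than computed, and $free_email_providers, $sender_emails and $sender_domains are modelled as plain Python sets; the root-domain helper is a deliberate simplification (last two labels, no public-suffix list).

```python
# Added worked example (not Sublime's code): the rule's decision logic in Python.
# Assumptions: the NLU classifier result is handed in as constructed data, and the
# rule's three lists are plain sets with constructed contents.
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed stand-ins for the rule's lists.
FREE_EMAIL_PROVIDERS = {"gmail.com", "outlook.com", "yahoo.com"}   # $free_email_providers
KNOWN_SENDER_EMAILS = {"recruiter@gmail.com"}                      # $sender_emails
KNOWN_SENDER_DOMAINS = {"partner-agency.example"}                  # $sender_domains


@dataclass
class Intent:
    name: str
    confidence: str  # "low" / "medium" / "high"


@dataclass
class Entity:
    name: str


@dataclass
class NluResult:
    """Constructed stand-in for ml.nlu_classifier(body.current_thread.text)."""
    intents: List[Intent] = field(default_factory=list)
    entities: List[Entity] = field(default_factory=list)


@dataclass
class Message:
    sender_email: str
    inbound: bool
    nlu: NluResult


def sender_domain(email: str) -> str:
    """sender.email.domain.domain: the full domain part of the address."""
    return email.rsplit("@", 1)[1].lower()


def sender_root_domain(email: str) -> str:
    """sender.email.domain.root_domain, simplified to the last two labels."""
    return ".".join(sender_domain(email).split(".")[-2:])


def is_first_time_sender(email: str) -> bool:
    """Second half of the rule. Free-mail addresses are individually addressable, so the
    full address is checked against $sender_emails; for any other domain the sending
    domain is checked against $sender_domains."""
    if sender_root_domain(email) in FREE_EMAIL_PROVIDERS:
        return email.lower() not in KNOWN_SENDER_EMAILS
    return sender_domain(email) not in KNOWN_SENDER_DOMAINS


def job_scam_with_financial_entity(nlu: NluResult) -> bool:
    """First half of the rule: high-confidence job_scam intent and a financial entity."""
    has_intent = any(i.name == "job_scam" and i.confidence == "high" for i in nlu.intents)
    has_entity = any(e.name == "financial" for e in nlu.entities)
    return has_intent and has_entity


def rule_matches(msg: Message) -> bool:
    """type.inbound and <content verdict> and <first-time sender>."""
    return (msg.inbound
            and job_scam_with_financial_entity(msg.nlu)
            and is_first_time_sender(msg.sender_email))


# Constructed sample messages; only the classifier verdict and the sender matter here.
SCAM_NLU = NluResult([Intent("job_scam", "high")], [Entity("financial")])
SAMPLES: Dict[str, Message] = {
    "unknown_freemail_sender": Message("hr.offers@gmail.com", True, SCAM_NLU),
    "known_freemail_sender": Message("recruiter@gmail.com", True, SCAM_NLU),
    "known_org_domain": Message("talent@partner-agency.example", True, SCAM_NLU),
    "known_org_new_subdomain": Message("talent@mail.partner-agency.example", True, SCAM_NLU),
    "medium_confidence": Message("hr.offers@gmail.com", True,
                                 NluResult([Intent("job_scam", "medium")], [Entity("financial")])),
    "no_financial_entity": Message("hr.offers@gmail.com", True,
                                   NluResult([Intent("job_scam", "high")], [])),
    "outbound": Message("hr.offers@gmail.com", False, SCAM_NLU),
}


def evaluate_samples() -> Dict[str, bool]:
    """Run every constructed sample through the rule and return label -> matched."""
    return {label: rule_matches(msg) for label, msg in SAMPLES.items()}


if __name__ == "__main__":
    for label, hit in evaluate_samples().items():
        print(f"{label:26} -> {'ALERT' if hit else 'no match'}")
```

Two behaviours are worth noticing in the sample run. A job-scam verdict without the financial entity, or with only medium confidence, does not fire, which is what keeps the rule at low severity with few false positives. And because the non-free-mail branch compares sender.email.domain.domain (not the root domain) against $sender_domains, mail from a previously unseen subdomain of a known organisation still counts as first-time; that is faithful to the rule as written and is the trade-off to weigh when populating $sender_domains.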