Job Scam (unsolicited sender)

calendar Jun 24, 2024  ยท
Share on: linkedin copy

Detects job scam attempts by analyzing the message body text from an unsolicited sender.

Sublime rule (View on GitHub)

 1name: "Job Scam (unsolicited sender)"
 2description: |
 3    Detects job scam attempts by analyzing the message body text from an unsolicited sender.
 4type: "rule"
 5severity: "low"
 6source: |
 7  type.inbound
 8  and any(ml.nlu_classifier(body.current_thread.text).intents,
 9          .name in ("job_scam")
10          and .confidence == "high"
11          and (
12            any(ml.nlu_classifier(body.current_thread.text).entities,
13                .name == "financial"
14            )
15            or strings.icontains(body.current_thread.text, "kindly")
16          )
17  )
18  and (
19    not profile.by_sender().solicited
20    or profile.by_sender().any_messages_malicious_or_spam
21  )
22  and not profile.by_sender().any_false_positives  
23attack_types:
24  - "BEC/Fraud"
25tactics_and_techniques:
26  - "Social engineering"
27detection_methods:
28  - "Content analysis"
29  - "Header analysis"
30  - "Natural Language Understanding"
31  - "Sender analysis"
32id: "a37dc32d-33a4-5097-a585-ff6c345d0ecc"
to-top