Brand impersonation: Apple

Impersonation of Apple.

Sublime rule

name: "Brand impersonation: Apple"
description: |
    Impersonation of Apple.
references:
  - "https://www.computerworld.com/article/3538470/how-to-protect-against-apple-phishing-scams.html"
type: "rule"
severity: "high"
source: |
  type.inbound
  and (
    sender.display_name =~ 'apple developer'
    or strings.ilevenshtein(sender.display_name, 'apple developer') <= 2
  )
  and sender.email.domain.root_domain !~ 'apple.com'
  and sender.email.email not in $recipient_emails
attack_types:
  - "Credential Phishing"
tactics_and_techniques:
  - "Impersonation: Brand"
  - "Social engineering"
detection_methods:
  - "Header analysis"
  - "Sender analysis"
id: "0b17f2c2-e100-5d51-b53e-ee3da0431f1d"
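To show how the rule's three conditions combine (fuzzy display-name match, non-Apple root domain, not self-addressed), here is an added Python re-implementation that is not Sublime's engine or part of the rule file above. The helper names, the sample From headers and recipient list are constructed for illustration, and `root_domain` is a simplification that does not consult the public suffix list.

```python
from email.utils import parseaddr

TARGET = "apple developer"  # display name the rule impersonation-checks against


def ilevenshtein(a: str, b: str) -> int:
    """Case-insensitive Levenshtein edit distance (Wagner-Fischer, two rows)."""
    a, b = a.lower(), b.lower()
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def root_domain(domain: str) -> str:
    """Assumption: root domain = last two labels (mail.apple.com -> apple.com)."""
    return ".".join(domain.lower().rsplit(".", 2)[-2:])


def matches_rule(from_header: str, recipient_emails: set[str], inbound: bool = True) -> bool:
    """Mirror the rule: inbound AND name looks like 'apple developer'
    AND sender root domain is not apple.com AND sender is not a recipient."""
    display_name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2]
    name_hit = display_name.lower() == TARGET or ilevenshtein(display_name, TARGET) <= 2
    return (inbound
            and name_hit
            and root_domain(domain) != "apple.com"
            and addr.lower() not in {r.lower() for r in recipient_emails})


# Constructed sample headers (placeholder domains, not real senders).
SAMPLES = [
    "Apple Developer <noreply@apple-dev-support.example>",  # lookalike domain: hit
    "Aple Developer <support@id-apple.example>",           # 1 edit off: hit
    "Apple Developer <news@mail.apple.com>",               # real root domain: no hit
    "Apple Developer <alice@example.com>",                 # sender is a recipient: no hit
    "Apple Support <billing@example.net>",                 # name too different: no hit
]


def evaluate(recipients: set[str] = frozenset({"alice@example.com"})) -> list[bool]:
    return [matches_rule(h, set(recipients)) for h in SAMPLES]


if __name__ == "__main__":
    for header, hit in zip(SAMPLES, evaluate()):
        print(f"{'MATCH ' if hit else 'clean '} {header}")
```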