This attack features an impersonation of the freight company DAT One. The subject line is "URGENT: Verify Your DAT Account," and the email urges the recipient to verify their account details by clicking a link. The attack is sophisticated because the attacker uses "operations@datone.us" as the sending address, a close approximation of DAT's legitimate customer support email address. Given the legitimate-looking domain, some recipients would likely overlook this social engineering and assume the email is genuine. The link in the email's body is "www.dataone.us," which also closely resembles DAT One's actual domain. The conversational tone of the email content makes this attack particularly challenging to detect.

Legacy security tools have difficulty detecting this as an attack because it carries no attachments, contains a link to an external site, and comes from a domain the tools have not seen before. Modern, AI-powered security solutions correctly identify it as an attack through advanced link and content analysis and by recognizing the urgency in the subject line, a common social engineering tactic.


How Does This Attack Bypass Email Defenses?

This email attack bypasses traditional security solutions for multiple reasons, including the following:

  • No Attachments: The email does not contain any attachments, which legacy security tools often scan for malicious content. The absence of attachments can make the email appear less suspicious to legacy tools.
  • Link to External Site: The email contains a link to an external site. Legacy security tools may be unable to scan external sites' content for malicious activity.
  • Unknown Domain: The email is from an unknown domain without prior interactions. Legacy security tools may be unable to track and flag emails from unknown domains.

How Did Abnormal Detect This Attack?

This attack was detected using AI and ML by analyzing various factors, including the following:

  • Link Analysis: The email contains a link to an external, potentially dangerous site. Abnormal's AI analyzes the content of external sites for malicious activity, which legacy systems often cannot do.
  • Content Analysis: Abnormal's system analyzes email content for signs of phishing or other attacks. In this case, this email asks the recipient to verify their account, a common phishing tactic.
  • Urgency in Subject Line: The email's subject line contains "URGENT." Abnormal's system recognizes this social engineering as a standard tactic attackers use to create a sense of urgency and prompt the recipient to act without thinking.


By recognizing established normal behavior and detecting these abnormal indicators, a modern email security solution can prevent this attack from reaching inboxes.

Please note the exact detection mechanism from Abnormal Security's system might include proprietary techniques and methodologies not disclosed here.
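As an added illustration, not Abnormal's detection logic or code from this page, the following Python scores a constructed message for the indicators discussed above: a sender domain and a link domain that imitate the brand's, a link domain that differs from the sender's, urgency in the subject line, and an account-verification lure. The legitimate brand domain (dat.com), the keyword lists and the sample message are assumptions made for this example.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Constructed sample modelled on the lure described above; this is not the real message.
SAMPLE_EMAIL = """\
From: DAT One Operations <operations@datone.us>
To: dispatcher@example-carrier.test
Subject: URGENT: Verify Your DAT Account

Hi, could you verify your account details today so we can keep your loads
posted? Use this link: http://www.dataone.us/verify
"""

# Assumptions for this example: the brand's legitimate domain and simple keyword lists.
LEGIT_BRAND_DOMAINS = {"dat.com"}
URGENCY_TERMS = ("urgent", "immediately", "action required")
LURE_PHRASES = ("verify your account", "verify your dat account", "account details")

def registrable(host):
    """Crude eTLD+1 (last two labels); sufficient for .com/.us hosts in this example."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def is_lookalike(domain, legit=LEGIT_BRAND_DOMAINS):
    """True when domain is not a legitimate brand domain but its second-level label
    starts with a brand label ('datone', 'dataone' vs 'dat'). Short brand labels
    over-match, so real deployments pair this with a reviewed lookalike list."""
    if domain in legit:
        return False
    label = domain.split(".")[0]
    return any(label.startswith(ld.split(".")[0]) for ld in legit)

def score_email(raw):
    """Return the names of the phishing indicators found in a raw RFC 5322 message."""
    msg = message_from_string(raw)
    sender_dom = registrable(re.search(r"@([\w.-]+)", msg.get("From", "")).group(1))
    subject = msg.get("Subject", "").lower()
    body = msg.get_payload().lower()
    link_doms = {registrable(urlparse(u).hostname) for u in re.findall(r"https?://\S+", body)}
    checks = [
        ("lookalike_sender_domain", is_lookalike(sender_dom)),
        ("lookalike_link_domain", any(is_lookalike(d) for d in link_doms)),
        ("link_domain_differs_from_sender", bool(link_doms) and sender_dom not in link_doms),
        ("urgency_in_subject", any(t in subject for t in URGENCY_TERMS)),
        ("account_verification_lure", any(p in body or p in subject for p in LURE_PHRASES)),
    ]
    return [name for name, hit in checks if hit]
```

Running `score_email(SAMPLE_EMAIL)` returns all five indicator names, while a plain message from dat.com linking back to dat.com returns an empty list.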

Analysis Overview

  • Vector: Link-based
  • Goal: Credential Theft
  • Tactic: Maliciously Registered Domain
  • Theme: Account Verification
  • Impersonated Party: External Party - Vendor/Supplier
  • AI Generated: Likely
