Support Center > Search Results > SecureKnowledge Details
Phishing email sent internally not detected Technical Level
Symptoms
  • Geo location alert of user:

  • Alert of unusually high amount of emails sent from an internal user.

  • Email found in the users outbox.

  • Internal Users received this email.

Cause

The geo alert that the internal user has logged in from another country, followed by an alert that an unusual amount of emails were sent from this user's account, indicates that the internal user password was stolen.

The email sent internally was not detected by the phishing. This is because the email sent internally are from trusted users and are scanned by the internal model.

Internal emails are scanned in internal model on a less aggressive setting to minimize False Positives.


Solution
Note: To view this solution you need to Sign In .