Once your mailboxes are synced, they'll be monitored for suspicious and malicious emails. As incidents happen and emails are flagged, data begins populating the Overview and Email Incidents pages. The Overview page in Email Security uses widgets to display the metrics and activity of emails in your environment.
Email incident metrics
This page is the default view when navigating to Manage > Email Security. The following metrics are tracked and displayed on the overview page:
-
Incidents: An overview of email activity.
- Inspected emails: Number of emails checked by Email Security.
- Detected emails: Number of emails flagged as threats.
- Incidents: Number of incidents. Related threat emails are grouped into a single incident to simplify investigation and response.
- Phishing: Fraudulent emails designed to look like legitimate emails. These emails intend to trick victims into providing credentials, information, or money.
- Spam: Unsolicited junk emails.
- Safe: Emails that don't pose a threat.
- Phishing Email Threats: Shows the number and types of phishing attacks. For descriptions of email threats, see the table below.
- Most Targeted Employees: Displays the top 5 employees with the most emails related to verified phishing attacks.
- Most targeted departments: Highlights the department whose employees received the highest number of emails associated with confirmed phishing attacks. Only shows data if you have departments determined within your email provider.
To change the reporting period, use the drop-down in the top-right.
Phishing email threats
| Phishing email threat | Description |
|---|---|
| Advance-fee Scam | Advance-fee attacks involve scammers requesting an upfront payment or fee under false pretenses, promising a larger reward in return, but ultimately aiming to defraud recipients without delivering the promised benefits. |
| Bulk Phishing | Mass-distributed phishing emails sent to a large number of recipients with little to no personalization, relying on volume to increase the likelihood of success. |
| Business Email Compromise | Business Email Compromise (BEC) attacks are sophisticated scams where attackers impersonate executives or employees to deceive other employees into transferring funds or sensitive information. |
| Credential Theft | Credential theft attacks are designed to trick recipients into revealing their sensitive login information, often by posing as legitimate institutions or services. |
| Extortion | Emails that threaten to release sensitive or compromising information unless a ransom is paid, often leveraging fear to coerce the recipient into compliance. |
| Financial Fraud | Emails designed to deceive recipients into making unauthorized financial transactions, such as wire transfers or payments, often by impersonating executives or finance personnel. |
| Fraudulent Request | Generic term for deceptive email requests that aim to trick recipients into providing information, funds, or access to systems, often under urgent or authoritative pretenses. |
| Gift Card Request | Scams where attackers impersonate trusted individuals (like executives or managers) to request that the recipient purchase gift cards and share the codes, typically under false pretenses like "urgent business needs |
| Image-Based Attack | Phishing emails that contain malicious content embedded in images, often bypassing text-based detection mechanisms and tricking recipients into clicking embedded links. |
| Invoice Phishing | Invoice phishing attacks involve fraudulent emails or messages that appear to be from legitimate sources, often impersonating wellknown companies or vendors, in order to trick recipients into paying for fake invoices or unauthorized service, or steal credentials. |
| Lottery Scam | Lottery scams involve fraudulent emails informing recipients they have won a prize or lottery they never entered, with scammers requesting personal information or upfront fees to claim the supposed winnings. |
| Polymorphic Phishing | Phishing attacks that use constantly changing elements—such as sender names, links, or payloads—to evade detection by traditional security filters. |
| QR Code Attack | Phishing attempts where QR codes are used to redirect recipients to malicious websites or prompt actions that compromise credentials or devices. |
| Sextortion | These attacks involve emails where scammers falsely claim to have compromising material on the recipient and demand payment to prevent its release. |
| Suspected Malicious Content | Emails containing malicious content deliver harmful attachments or links aiming to infect devices or steal data from recipients. |
| Vendor Email Compromise | Attacks where legitimate vendor accounts are compromised and used to send fraudulent emails to customers or partners, typically to redirect payments or harvest sensitive information. |
| Vendor Scam | Scams employ various deceitful tactics to trick recipients into providing money, personal information, or access to sensitive data, often by offering fake opportunities or creating a sense of urgency. |
| Vishing Attack | Phone-based phishing where attackers impersonate trusted entities to steal sensitive information. Often linked to emails prompting recipients to call fake support numbers. |
| VIP impersonation | Suspected impersonation of a VIP employee. |
Return to Email Security guide.