Darktrace blocked my e-mail
You've received an e-mail that looks something like this:
Before asking ICT to release the message from DarkTrace, please review the following:
- Do you recognise the sender in the From address field? Is it someone you know or is a prospective hunt for business through Spam?
- Does the address or address pattern match the expanded address in the body of the e-mail? If not, it could be marketing, but is also a high confidence impersonation attempt.
- Are you expecting an e-mail from this sender? This on it's own does not automatically make the e-mail suspcious, but certainly adds to the suspicion
- Does the e-mail make Subject match your expectations? Examples: would you expect to receive invoices or quotes for products? Would your contact normally send you files via OneDrive without prior communication?
What can I do?
- If after answering the above, you DO NOT need this e-mail, DO NOT RAISE A TICKET.
- If you need it, raise the ticket indicating that you would like this released (easiest way is to forward it to nuqleus@qcha.org.uk). This is does not automatically guarantee that we will release this; we will perform manual checks against the AI driven DarkTrace checks to ensure it is legitimately safe to release the message.