<ul><li>Internal to Internal refers to a type of phishing email that was sent from one internal email address to another internal email address. This phishing attack is dangerous because internal emails are trusted more than external ones, making it easier for recipients to open attachments or click on embedded links.</li><li>The investigation starts by parsing the email to obtain information about the email's timestamp, SMTP address, sender address, recipient address, mail content, and attachments.</li><li>The email was sent on Feb 07, 2021, at 04:24 AM from the sender address john@letsdefend.io to the recipient address susie@letsdefend.io. The email content seemed like a normal non-suspicious email with no attachments.</li><li>The investigation concludes that it is a false positive alert as there were no malicious attachments or URLs in the email. The alert can be closed.</li></ul>

LetsDefend SIEM Alert: Phishing Mail Detected - Internal to Internal - EventID: 52

Discover more