Abnormal Security - Outbound DLP

Festival Sales Report | Copper Stokes

4 days ago • Jan 21, 2025, 3:20pm PST

Analysis Overview

Employee sent an email to a recipient at copperstokes.com who they rarely communicate with. Abnormal believes this email may likely be misdirected.

RECIPIENT DOMAIN MISMATCH WITH ATTACHMENT

The attachment name references "visitas" which might not be intended for a recipient at copperstokes.com.

RARE RECIPIENT

The employee rarely communicates with recipients at copperstokes.com. The recipient may be unusual.

Email Content

Subject: Festival Sales Report | Copper Stokes

Sender: Josh Waters <josh.waters@enterprise.com>

To: Bailey Martin <bailey.martin@copperstokes.com>

Jan 21, 2025, 3:20pm PST

sales_report_visitas_2025.pdf

Hi Bailey,

I hope you're doing well!

I've attached Copper Stokes Sales Report for December 2025. This includes the latest performance metrics, trends, and booking insights we've gathered over the past month. Let me know if you have any questions or if there's anything specific you'd like to dive deeper into.

Looking forward to hearing your thoughts and discussing next steps. Let me know a convenient time if you'd like to connect!

Best,

Josh

Activity log

Employee Released Email

Jan 21, 2025, 3:21pm PST

Abnormal Notified Employee

Jan 21, 2025, 3:20pm PST

Routed to Microsoft Quarantine

Jan 21, 2025, 3:20pm PST

Flagged by Abnormal

Jan 21, 2025, 3:20pm PST

Engineering Reference Only

Heuristic Name

subject-and-attachment-client-mismatch-with-rare-recipient (Attachment)

When to show

If only attachment is mismatched with recipient domain

Email Notification

REPORTING

MESSAGING

ACCOUNT

POSTURE

KNOWLEDGE

ENHANCE

Message Details

Analysis Overview

Email Content

Activity log

Engineering Reference Only