#2
Potential Phishing Analysis
When a potential phishing email is escalated to D3, either through an email protection system or manually by the recipient, D3 extracts the sender’s domain and the URL of any links in the message. D3 can then look up those extracted indicators in Recorded Future and reveal any associated malicious activity. Based on the result, the D3 user can then trigger a response playbook to block the IP, blacklist the sender, notify the email recipient, and orchestrate any other appropriate actions.