Reports an email address. Date of malicious activity defaults to the current time unless otherwise specified.
Email address being reported.
Tags that should be applied. See detailed descriptions below for more information.
account_takeover - Legitimate email has been taken over by a malicious actor
bec - Business email compromise, whaling, contact impersonation/display name spoofing
brand_impersonation - Impersonating a well-known brand (e.g. PayPal, Microsoft, Google, etc.)
browser_exploit - The hosted website serves an exploit
credential_phishing - Attempting to steal user credentials
generic_phishing - Generic phishing. Should only be used if the other tags don't apply, or if a more specific determination can't be made or would be too difficult
malware - Malicious documents and droppers. Can be direct attachments, indirect links to free file hosting sites, or droppers from malicious websites
scam - Catch-all for scams: sextortion, payment scams, lottery scams, investment scams, fake bank scams, etc.
spam - Unsolicited spam or spammy behavior (e.g. forum submissions, unwanted bulk email)
spoofed - Forged sender email (e.g. the envelope from is different from the header from)
task_request - Request that the recipient perform a task (e.g. gift card purchase, update payroll, send W-2s, etc.)
threat_actor - Threat actor/owner of phishing kit
Additional information and context.
When this activity occurred in UTC. Defaults to now().
Number of hours the email should be considered risky (blacklisted=true in the QueryResponse). Defaults to no expiration unless account_takeover tag is specified, in which case the default is 14 days.
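
The following is an added example, not part of this API's documentation or client code. It models the documented defaults on the reporting side, so an analyst can see before submitting which tags are valid and when an entry would stop being treated as risky. The function names and dictionary keys are hypothetical, because the page does not give the request field names; rejecting negative expiry values and timezone-naive timestamps is likewise an assumption.

```python
from datetime import datetime, timedelta, timezone

# Tag vocabulary copied from the list above.
ALLOWED_TAGS = frozenset({
    "account_takeover", "bec", "brand_impersonation", "browser_exploit",
    "credential_phishing", "generic_phishing", "malware", "scam", "spam",
    "spoofed", "task_request", "threat_actor",
})
ACCOUNT_TAKEOVER_DEFAULT_HOURS = 14 * 24  # documented 14-day default


def effective_expiry_hours(tags, expires_hours=None):
    """Hours the address stays risky; None means no expiration."""
    if expires_hours is not None:
        if expires_hours < 0:  # assumption: a negative window is a caller bug
            raise ValueError("expiry must not be negative")
        return expires_hours   # an explicit value overrides any default
    return ACCOUNT_TAKEOVER_DEFAULT_HOURS if "account_takeover" in tags else None


def build_report(email, tags, description=None, timestamp=None, expires_hours=None):
    """Build a report dict. Key names are hypothetical, not the API's own."""
    tags = list(dict.fromkeys(tags))  # de-duplicate, keep caller's order
    unknown = sorted(set(tags) - ALLOWED_TAGS)
    if unknown:
        raise ValueError(f"unknown tags: {unknown}")
    if timestamp is None:
        timestamp = datetime.now(timezone.utc)  # documented default: now()
    elif timestamp.tzinfo is None:
        # A naive datetime would be silently read as local time.
        raise ValueError("timestamp must be timezone-aware")
    timestamp = timestamp.astimezone(timezone.utc)  # activity time is in UTC
    hours = effective_expiry_hours(tags, expires_hours)
    risky_until = None
    if hours is not None:
        risky_until = (timestamp + timedelta(hours=hours)).isoformat()
    return {
        "email": email.strip(),
        "tags": tags,
        "description": description,
        "timestamp": timestamp.isoformat(),
        "expires_hours": hours,
        "risky_until": risky_until,  # None means the entry never expires
    }
```
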