Smart Banners
Overview
Smart Banners are labels added to safe incoming emails to help you stay alert and follow security best practices. They serve the following purposes:
-
Identify suspicious emails – Highlight external, unverified, or potentially fraudulent messages.
-
Make you cyber-aware – Draw your attention to suspicious elements that, combined with your own judgment, may reveal a malicious email.
-
Remind you to follow company policy – Prompt you to follow specific guidelines, such as handling invoices or billing change requests appropriately.
Supported Smart Banners
Avanan supports these Smart Banners:
|
Category |
Smart Banner Name |
Description |
|---|---|---|
|
Business email compromise |
Sender resembles a real contact |
Email from a sender that resembles but is not identical to a contact the recipient is corresponding with. |
|
Request to update payment details 1 |
Email that resembles a request from vendors to change their payment details. |
|
|
Invoice from a new vendor 1 |
Email with an invoice from a vendor that never contacted before. |
|
|
Payroll information update request 1 |
Emails from external senders requesting to update their payroll information. |
|
|
Financial transaction requests |
Emails with Invoices / POs 1 |
Email that contains a request for payment in the form of invoice or purchase order. |
|
Payment request via payment service |
Email that contains a payment request received via accounts in payment services. |
|
|
Avoiding inspection
|
Emails with links to restricted resources |
Email with links to resources with restricted access, possibly in order to avoid inspection. |
|
Emails that appear to be from an e-sign service 6 |
Emails that contains a link to an e-sign document, possibly in order to avoid inspection. |
|
|
Fundamentals |
Sender name different than address |
Email from sender with a name that is significantly different from the email address which may indicate an impersonation attempt. |
|
Reply-to domain recently created and its address is different than the sender’s |
Email with reply-to address different from sender address and whose reply-to domain is created recently. |
|
|
Sender domain created recently 2 |
Email whose sender domain was created recently. |
|
|
Sender SPF failed |
Email that failed SPF checks. |
|
|
Incoming emails from external senders |
Email from an external sender (outside the organization). |
|
|
Impersonation
|
First-time sender to recipient 3,4,5 |
Email from a sender that never sent an email to the recipient before. |
|
First-time sender to recipient domain 4,5 |
Email from a sender that never exchanged an email with the recipient domain before. |
|
|
Sender resembles a person within the organization |
Emails from a first-time sender whose display name is identical to a person within the organization. |
1 These banners apply only to emails written in English.
2 This banner will be applied to emails only if the sender's domain was created in the last 100 days.
3 The First-time sender banner will not be applied to the recipient's emails after 24 hours from the sender's first email.
4 If an email is sent to multiple recipients, the banner will be added only if the condition applies to all recipients.
5 The banner will not be added if the sender domain regularly interacts in high volumes with other recipients from your domain. This exception does not apply to public domains. For example, gmail.com.
6 If an email appears to reference an electronic signature and may contain links that cannot be inspected for phishing or viruses, ensure its authenticity before clicking any links or taking further action.