Attack Spotlight
January 29, 2025
Credential phishing attempt impersonating Charles Schwab to steal login credentials and two-factor code.
Sublime’s Attack Spotlight series is designed to keep you informed of the email threat landscape by showing you real, in-the-wild attack samples, describing adversary tactics and techniques, and explaining how they’re detected.
EMAIL PROVIDER: Google Workspace
ATTACK TYPE: Credential Phishing, Brand Impersonation
As phishing attempts evolve, so do their bells and whistles. Modern attacks typically include redirection through CAPTCHA and convincing login pages. In a recent Charles Schwab credential phishing attempt that Sublime prevented, we saw the use of 2FA as part of the authentication process. Here’s how the attack works:
Sublime's AI-powered detection engine prevented this attack. The top signals in these attacks are:
Additionally, the Sublime Core Feed contains a wide and growing range of brand impersonation Detection Rules, including Charles Schwab.
Sublime detects and prevents credential phishing, brand impersonation, and other email-based threats. Start your free account today, managed or self-managed, for out-of-the-box coverage for these types of attacks with the ability to customize their handling for your environment.