Rule Name & Severity | Author | Last Updated | Labels | |
|---|---|---|---|---|
Brand impersonation: SendGrid | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/brand-impersonation-sendgrid-d800124f | |
Brand impersonation: Sharepoint | Sublime Security | 13d ago Jan 10th, 2026 | /feeds/core/detection-rules/brand-impersonation-sharepoint-284b1b70 | |
Brand impersonation: SharePoint PDF attachment with credential theft language | Sublime Security | 2mo ago Nov 7th, 2025 | /feeds/core/detection-rules/brand-impersonation-sharepoint-pdf-attachment-with-credential-theft-language-ae3756fa | |
Brand Impersonation: Shein | Sublime Security | 3mo ago Oct 15th, 2025 | /feeds/core/detection-rules/brand-impersonation-shein-b5843f22 | |
Brand impersonation: Square | Sublime Security | 3mo ago Oct 16th, 2025 | /feeds/core/detection-rules/brand-impersonation-square-63f9b449 | |
Brand impersonation: Survey request with credential theft indicators | Sublime Security | 2mo ago Nov 8th, 2025 | /feeds/core/detection-rules/brand-impersonation-survey-request-with-credential-theft-indicators-ea1c0e09 | |
Brand impersonation: TikTok | Sublime Security | 2mo ago Oct 30th, 2025 | /feeds/core/detection-rules/brand-impersonation-tiktok-aaacc8b7 | |
Brand impersonation: Toronto-Dominion Bank | Sublime Security | 3mo ago Oct 22nd, 2025 | /feeds/core/detection-rules/brand-impersonation-toronto-dominion-bank-2dc16a55 | |
Brand impersonation: Trust Wallet | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/brand-impersonation-trust-wallet-e456974c | |
Brand impersonation: UK government Home Office | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/brand-impersonation-uk-government-home-office-f35d846a | |
Brand impersonation: USPS | Sublime Security | 3d ago Jan 20th, 2026 | /feeds/core/detection-rules/brand-impersonation-usps-28b9130a | |
Brand impersonation: Vanguard | Sublime Security | 4mo ago Sep 22nd, 2025 | /feeds/core/detection-rules/brand-impersonation-vanguard-3bd048fe | |
Brand impersonation: Wise | Sublime Security | 1mo ago Dec 12th, 2025 | /feeds/core/detection-rules/brand-impersonation-wise-01480f95 | |
Brand impersonation: Zoom | Sublime Security | 4mo ago Sep 22nd, 2025 | /feeds/core/detection-rules/brand-impersonation-zoom-5abad540 | |
Business Email Compromise (BEC) attempt from untrusted sender | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/business-email-compromise-bec-attempt-from-untrusted-sender-96d4c35a | |
Business Email Compromise (BEC) with request for mobile number | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/business-email-compromise-bec-with-request-for-mobile-number-514ffd68 | |
Business Email Compromise: Request for mobile number via reply thread hijacking | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/business-email-compromise-request-for-mobile-number-via-reply-thread-hijacking-0282f346 | |
Callback phishing: Branded invoice from sender/reply-to domain less than 30 days old | Sublime Security | 3mo ago Oct 17th, 2025 | /feeds/core/detection-rules/callback-phishing-branded-invoice-from-senderreply-to-domain-less-than-30-days-old-e6f4af53 | |
Callback phishing in body or attachment (untrusted sender) | Sublime Security | 1d ago Jan 22nd, 2026 | /feeds/core/detection-rules/callback-phishing-in-body-or-attachment-untrusted-sender-b93c6f94 | |
Callback phishing via calendar invite | Sublime Security | 1d ago Jan 22nd, 2026 | /feeds/core/detection-rules/callback-phishing-via-calendar-invite-95c84360 | |
Callback phishing via extensionless rfc822 attachment | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/callback-phishing-via-extensionless-rfc822-attachment-197722c4 | |
Callback phishing via Google Group abuse | Sublime Security | 6mo ago Jul 16th, 2025 | /feeds/core/detection-rules/callback-phishing-via-google-group-abuse-199d873b | |
Callback phishing via Microsoft comment | Sublime Security | 1mo ago Dec 16th, 2025 | /feeds/core/detection-rules/callback-phishing-via-microsoft-comment-8346c7b9 | |
Callback phishing via Yammer comment | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/callback-phishing-via-yammer-comment-66650e2b | |
Canva design with suspicious embedded link | Sublime Security | 3mo ago Sep 29th, 2025 | /feeds/core/detection-rules/canva-design-with-suspicious-embedded-link-02959e22 | |
Canva infrastructure abuse | Sublime Security | 4mo ago Sep 5th, 2025 | /feeds/core/detection-rules/canva-infrastructure-abuse-b69fdb5c | |
Cloud storage impersonation with credential theft indicators | Sublime Security | 4mo ago Sep 22nd, 2025 | /feeds/core/detection-rules/cloud-storage-impersonation-with-credential-theft-indicators-4c20f72c | |
Commonly abused sender TLD with engaging language | Sublime Security | 5mo ago Aug 7th, 2025 | /feeds/core/detection-rules/commonly-abused-sender-tld-with-engaging-language-447386dc | |
COVID-19 themed fraud with sender and reply-to mismatch or compensation award | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/covid-19-themed-fraud-with-sender-and-reply-to-mismatch-or-compensation-award-a16480ef | |
Credential phishing: DocuSign embedded image lure with no DocuSign domains in links | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/credential-phishing-docusign-embedded-image-lure-with-no-docusign-domains-in-links-dfe8715e | |
Credential phishing: Email delivery failure impersonation | Sublime Security | 6mo ago Jul 16th, 2025 | /feeds/core/detection-rules/credential-phishing-email-delivery-failure-impersonation-ee318b89 | |
Credential phishing: Engaging language and other indicators (untrusted sender) | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/credential-phishing-engaging-language-and-other-indicators-untrusted-sender-c2bc8ca2 | |
Credential phishing: Engaging language with IPFS link | Sublime Security | 2y ago May 3rd, 2024 | /feeds/core/detection-rules/credential-phishing-engaging-language-with-ipfs-link-996c4d83 | |
Credential phishing: Fake password expiration from new and unsolicited sender | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/credential-phishing-fake-password-expiration-from-new-and-unsolicited-sender-5d9c3a75 | |
Credential phishing: Generic document sharing | Sublime Security | 1mo ago Dec 8th, 2025 | /feeds/core/detection-rules/credential-phishing-generic-document-sharing-9f0e1d2c | |
Credential phishing: Image as content, short or no body contents | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/credential-phishing-image-as-content-short-or-no-body-contents-01313f38 | |
Credential phishing language and suspicious indicators (unknown sender) | Sublime Security | 6mo ago Jul 16th, 2025 | /feeds/core/detection-rules/credential-phishing-language-and-suspicious-indicators-unknown-sender-89c186f7 | |
Credential phishing: Onedrive impersonation | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/credential-phishing-onedrive-impersonation-1f990c92 | |
Credential phishing: Re-Authentication lure | Sublime Security | 3mo ago Oct 17th, 2025 | /feeds/core/detection-rules/credential-phishing-re-authentication-lure-2e45d3de | |
Credential phishing: 'Secure message' and engaging language | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/credential-phishing-secure-message-and-engaging-language-bd95a7b1 | |
Credential Phishing: Suspicious language, link, recipients and other indicators | Sublime Security | 6mo ago Jul 16th, 2025 | /feeds/core/detection-rules/credential-phishing-suspicious-language-link-recipients-and-other-indicators-dcb39190 | |
Credential phishing: Suspicious subject with urgent financial request and link | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/credential-phishing-suspicious-subject-with-urgent-financial-request-and-link-056464f4 | |
Credential theft with 'safe content' deception and social engineering topics | Sublime Security | 18d ago Jan 5th, 2026 | /feeds/core/detection-rules/credential-theft-with-safe-content-deception-and-social-engineering-topics-22ceee0d | |
Deceptive Dropbox mention | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/deceptive-dropbox-mention-58a107bc | |
Domain impersonation: Freemail reply-to local lookalike with financial request | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/domain-impersonation-freemail-reply-to-local-lookalike-with-financial-request-43026a40 | |
EML attachment with credential theft language (unknown sender) | Sublime Security | 3mo ago Oct 3rd, 2025 | /feeds/core/detection-rules/eml-attachment-with-credential-theft-language-unknown-sender-00e06af1 | |
Employee impersonation with urgent request (untrusted sender) | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/employee-impersonation-with-urgent-request-untrusted-sender-1ce9a146 | |
Extortion / sextortion in attachment from untrusted sender | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/extortion-sextortion-in-attachment-from-untrusted-sender-3cb8d32c | |
Extortion / sextortion (untrusted sender) | Sublime Security | 1d ago Jan 22nd, 2026 | /feeds/core/detection-rules/extortion-sextortion-untrusted-sender-265913eb | |
Fake email quarantine notification | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/fake-email-quarantine-notification-73f26a3d |