Rule Name & Severity | Author | Last Updated | Labels | |
|---|---|---|---|---|
Fake message thread with a suspicious link and engaging language from an unknown sender | Sublime Security | 2mo ago Nov 12th, 2025 | /feeds/core/detection-rules/fake-message-thread-with-a-suspicious-link-and-engaging-language-from-an-unknown-sender-8fd0e211 | |
Fake request for tax preparation | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/fake-request-for-tax-preparation-e36b85b3 | |
Fake shipping notification with suspicious language | Sublime Security | 2y ago May 3rd, 2024 | /feeds/core/detection-rules/fake-shipping-notification-with-suspicious-language-67748b0a | |
Fake thread with suspicious indicators | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/fake-thread-with-suspicious-indicators-c2e18a57 | |
Fake voicemail notification (untrusted sender) | Sublime Security | 1d ago Jan 22nd, 2026 | /feeds/core/detection-rules/fake-voicemail-notification-untrusted-sender-74ba7787 | |
Fake Zoom meeting invite with suspicious link | Sublime Security | 1mo ago Dec 1st, 2025 | /feeds/core/detection-rules/fake-zoom-meeting-invite-with-suspicious-link-aba95f23 | |
Fraudulent order confirmation/shipping notification from Chinese sender domain | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/fraudulent-order-confirmationshipping-notification-from-chinese-sender-domain-4392a14e | |
Free subdomain link with credential theft indicators | Sublime Security | 2y ago Dec 12th, 2024 | /feeds/core/detection-rules/free-subdomain-link-with-credential-theft-indicators-9187479c | |
Google Accelerated Mobile Pages (AMP) abuse | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/google-accelerated-mobile-pages-amp-abuse-46907029 | |
Google Drive abuse: Credential phishing link | Sublime Security | 2y ago Jul 31st, 2024 | /feeds/core/detection-rules/google-drive-abuse-credential-phishing-link-c74aece0 | |
Headers: System account impersonation with empty sender address | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/headers-system-account-impersonation-with-empty-sender-address-887f7953 | |
Honorific greeting BEC attempt with sender and reply-to mismatch | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/honorific-greeting-bec-attempt-with-sender-and-reply-to-mismatch-aa41b1b7 | |
HR impersonation via e-sign agreement comment | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/hr-impersonation-via-e-sign-agreement-comment-796c6f0f | |
Impersonation: Human Resources with link or attachment and engaging language | Sublime Security | 6mo ago Jul 16th, 2025 | /feeds/core/detection-rules/impersonation-human-resources-with-link-or-attachment-and-engaging-language-8c95a6a8 | |
Impersonation: Internal corporate services | Sublime Security | 3d ago Jan 20th, 2026 | /feeds/core/detection-rules/impersonation-internal-corporate-services-3cd04f33 | |
Impersonation: Salesforce fake campaign failure notification | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/impersonation-salesforce-fake-campaign-failure-notification-d66000ca | |
Impersonation: Suspected supplier impersonation with suspicious content | Sublime Security | 11mo ago Feb 3rd, 2025 | /feeds/core/detection-rules/impersonation-suspected-supplier-impersonation-with-suspicious-content-63d8b1ce | |
Issuu document with suspicious embedded link | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/issuu-document-with-suspicious-embedded-link-0d73f43d | |
Job scam (unsolicited sender) | Sublime Security | 2mo ago Nov 3rd, 2025 | /feeds/core/detection-rules/job-scam-unsolicited-sender-a37dc32d | |
Job scam with specific salary pattern | Sublime Security | 2d ago Jan 21st, 2026 | /feeds/core/detection-rules/job-scam-with-specific-salary-pattern-af7f9e21 | |
Link: Adobe share with suspicious indicators | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/link-adobe-share-with-suspicious-indicators-b33cae80 | |
Link: chatbot.page platform abuse | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-chatbotpage-platform-abuse-bfd6a076 | |
Link: Credential phishing traversing Russian infrastructure | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-credential-phishing-traversing-russian-infrastructure-a5203e3b | |
Link: Cryptocurrency fraud with suspicious links | Sublime Security | 1mo ago Dec 1st, 2025 | /feeds/core/detection-rules/link-cryptocurrency-fraud-with-suspicious-links-d0da37ce | |
Link: Display text matches subject line | Sublime Security | 2mo ago Nov 14th, 2025 | /feeds/core/detection-rules/link-display-text-matches-subject-line-ba722cf0 | |
Link: Executable file download with suspicious message content | Sublime Security | 3mo ago Oct 16th, 2025 | /feeds/core/detection-rules/link-executable-file-download-with-suspicious-message-content-ce9a4926 | |
Link: Figma design deck with credential theft language | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-figma-design-deck-with-credential-theft-language-87601924 | |
Link: File sharing impersonation with suspicious language and sending patterns | Sublime Security | 2mo ago Oct 31st, 2025 | /feeds/core/detection-rules/link-file-sharing-impersonation-with-suspicious-language-and-sending-patterns-d3363041 | |
Link: File sharing pretext with suspicious body and link | Sublime Security | 3mo ago Oct 10th, 2025 | /feeds/core/detection-rules/link-file-sharing-pretext-with-suspicious-body-and-link-c5718a8e | |
Link: Free file hosting with undisclosed recipients | Sublime Security | 4mo ago Sep 11th, 2025 | /feeds/core/detection-rules/link-free-file-hosting-with-undisclosed-recipients-b6281306 | |
Link: HR impersonation with suspicious domain indicators and credential theft | Sublime Security | 1mo ago Dec 3rd, 2025 | /feeds/core/detection-rules/link-hr-impersonation-with-suspicious-domain-indicators-and-credential-theft-f31f8831 | |
Link: Intuit link abuse with file share context | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/link-intuit-link-abuse-with-file-share-context-cd15cc34 | |
Link: Microsoft Dynamics 365 form phishing | Sublime Security | 1mo ago Dec 5th, 2025 | /feeds/core/detection-rules/link-microsoft-dynamics-365-form-phishing-f72b9085 | |
Link: Microsoft impersonation using hosted png with suspicious link | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/link-microsoft-impersonation-using-hosted-png-with-suspicious-link-07c696d4 | |
Link: Multistage Landing - Abused Buildin.ai | Sublime Security | 4mo ago Sep 5th, 2025 | /feeds/core/detection-rules/link-multistage-landing-abused-buildinai-e0a79ef5 | |
Link: Multistage landing - FreshDesk knowledge base abuse | Sublime Security | 5mo ago Aug 21st, 2025 | /feeds/core/detection-rules/link-multistage-landing-freshdesk-knowledge-base-abuse-edd6acf7 | |
Link: Multistage landing - Ludus presentation | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-multistage-landing-ludus-presentation-a8b3c311 | |
Link: Multistage landing - Published Google Doc | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-multistage-landing-published-google-doc-031e1ff8 | |
Link: Multistage landing - Scribd document | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/link-multistage-landing-scribd-document-afa9807d | |
Link: MyActiveCampaign Link Abuse | Sublime Security | 5mo ago Aug 20th, 2025 | /feeds/core/detection-rules/link-myactivecampaign-link-abuse-f5b91ce5 | |
Link: Personal SharePoint with invalid recipients and credential theft language | Sublime Security | 5h ago Jan 23rd, 2026 | /feeds/core/detection-rules/link-personal-sharepoint-with-invalid-recipients-and-credential-theft-language-79d5403d | |
Link: QR Code with suspicious language (untrusted sender) | Sublime Security | 5mo ago Jul 30th, 2025 | /feeds/core/detection-rules/link-qr-code-with-suspicious-language-untrusted-sender-25a84d1c | |
Link: Self-sender with sender org in subject and credential theft indicator | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/link-self-sender-with-sender-org-in-subject-and-credential-theft-indicator-bfa9aa08 | |
Mass campaign: recipient address in subject, body, and link (untrusted sender) | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/mass-campaign-recipient-address-in-subject-body-and-link-untrusted-sender-599dabf5 | |
Mismatched links: Free file share with urgent language | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/mismatched-links-free-file-share-with-urgent-language-478334c8 | |
Open Redirect: Google domain with /url path and suspicious indicators | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/open-redirect-google-domain-with-url-path-and-suspicious-indicators-fc5adf74 | |
QR Code with suspicious indicators | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/qr-code-with-suspicious-indicators-04f5c34f | |
Reconnaissance: Short generic greeting message | Sublime Security | 1mo ago Dec 2nd, 2025 | /feeds/core/detection-rules/reconnaissance-short-generic-greeting-message-c67dedab | |
Recruitee Infrastructure Abuse | Sublime Security | 6mo ago Jul 16th, 2025 | /feeds/core/detection-rules/recruitee-infrastructure-abuse-31cab83d | |
Request for Quote or Purchase (RFQ|RFP) with HTML smuggling attachment | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/request-for-quote-or-purchase-rfqorrfp-with-html-smuggling-attachment-a47a5755 |