Rule Name & Severity | Author | Last Updated | Labels | |
|---|---|---|---|---|
Mass campaign: recipient address in subject, body, and link (untrusted sender) | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/mass-campaign-recipient-address-in-subject-body-and-link-untrusted-sender-599dabf5 | |
Mismatched links: Free file share with urgent language | Sublime Security | 7mo ago Aug 5th, 2025 | /feeds/core/detection-rules/mismatched-links-free-file-share-with-urgent-language-478334c8 | |
Open Redirect: Google domain with /url path and suspicious indicators | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/open-redirect-google-domain-with-url-path-and-suspicious-indicators-fc5adf74 | |
QR Code with suspicious indicators | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/qr-code-with-suspicious-indicators-04f5c34f | |
Reconnaissance: Short generic greeting message | Sublime Security | 1mo ago Jan 27th, 2026 | /feeds/core/detection-rules/reconnaissance-short-generic-greeting-message-c67dedab | |
Recruitee Infrastructure Abuse | Sublime Security | 7mo ago Jul 16th, 2025 | /feeds/core/detection-rules/recruitee-infrastructure-abuse-31cab83d | |
Request for Quote or Purchase (RFQ|RFP) with HTML smuggling attachment | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/request-for-quote-or-purchase-rfqorrfp-with-html-smuggling-attachment-a47a5755 | |
Request for Quote or Purchase (RFQ|RFP) with suspicious sender or recipient pattern | Sublime Security | 13h ago Mar 9th, 2026 | /feeds/core/detection-rules/request-for-quote-or-purchase-rfqorrfp-with-suspicious-sender-or-recipient-pattern-2ac0d329 | |
Salesforce infrastructure abuse | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/salesforce-infrastructure-abuse-78a77c70 | |
Scam: Piano giveaway | Sublime Security | 2mo ago Dec 11th, 2025 | /feeds/core/detection-rules/scam-piano-giveaway-1a91a203 | |
Service abuse: Apple TestFlight with suspicious developer reference | Sublime Security | 1mo ago Feb 6th, 2026 | /feeds/core/detection-rules/service-abuse-apple-testflight-with-suspicious-developer-reference-e7ea0ee0 | |
Service abuse: AppSheet infrastructure with suspicious indicators | Sublime Security | 5mo ago Oct 6th, 2025 | /feeds/core/detection-rules/service-abuse-appsheet-infrastructure-with-suspicious-indicators-5937646a | |
Service Abuse: Box file sharing with credential phishing intent | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/service-abuse-box-file-sharing-with-credential-phishing-intent-5bd0cb25 | |
Service abuse: Cisco secure email service with financial request | Sublime Security | 5mo ago Oct 1st, 2025 | /feeds/core/detection-rules/service-abuse-cisco-secure-email-service-with-financial-request-43a6daa8 | |
Service abuse: FlipHTML5 with attachment deception and credential theft language | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/service-abuse-fliphtml5-with-attachment-deception-and-credential-theft-language-02464799 | |
Service abuse: GetAccept callback scam content | Sublime Security | 1mo ago Jan 16th, 2026 | /feeds/core/detection-rules/service-abuse-getaccept-callback-scam-content-7ec2f70b | |
Service Abuse: GoDaddy infrastructure | Sublime Security | 2mo ago Jan 7th, 2026 | /feeds/core/detection-rules/service-abuse-godaddy-infrastructure-8a2dd357 | |
Service abuse: Microsoft Power Automate callback scam impersonation | Sublime Security | 5d ago Mar 5th, 2026 | /feeds/core/detection-rules/service-abuse-microsoft-power-automate-callback-scam-impersonation-18d1c18b | |
Service abuse: Microsoft Power BI callback scam | Sublime Security | 1mo ago Jan 22nd, 2026 | /feeds/core/detection-rules/service-abuse-microsoft-power-bi-callback-scam-7a55388e | |
Service abuse: Monday.com callback scam | Sublime Security | 1mo ago Jan 26th, 2026 | /feeds/core/detection-rules/service-abuse-mondaycom-callback-scam-82cf4502 | |
Service abuse: Nylas tracking subdomain with suspicious content | Sublime Security | 4d ago Mar 6th, 2026 | /feeds/core/detection-rules/service-abuse-nylas-tracking-subdomain-with-suspicious-content-a3a6c896 | |
Service abuse: Random Google Firebase sender address with suspicious content | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/service-abuse-random-google-firebase-sender-address-with-suspicious-content-9f8899a9 | |
Service abuse: Recruiting with suspicious language patterns from legitimate platforms | Sublime Security | 5mo ago Oct 7th, 2025 | /feeds/core/detection-rules/service-abuse-recruiting-with-suspicious-language-patterns-from-legitimate-platforms-29e12696 | |
Service abuse: Roomsy with unrelated body content | Sublime Security | 3mo ago Dec 2nd, 2025 | /feeds/core/detection-rules/service-abuse-roomsy-with-unrelated-body-content-18e08a5a | |
Service abuse: Sendgrid credential theft with personalized request targeting single recipient | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/service-abuse-sendgrid-credential-theft-with-personalized-request-targeting-single-recipient-b9680da1 | |
Service abuse: SendThisFile with credential theft and financial language | Sublime Security | 4mo ago Oct 27th, 2025 | /feeds/core/detection-rules/service-abuse-sendthisfile-with-credential-theft-and-financial-language-c1ebf25b | |
Service abuse: WeTransfer callback scam | Sublime Security | 1mo ago Jan 30th, 2026 | /feeds/core/detection-rules/service-abuse-wetransfer-callback-scam-c60c8650 | |
Spam: Fake dating profile notification | Sublime Security | 3mo ago Dec 3rd, 2025 | /feeds/core/detection-rules/spam-fake-dating-profile-notification-0f33fea2 | |
Spam/fraud: Predatory journal/research paper request | Sublime Security | 4mo ago Nov 3rd, 2025 | /feeds/core/detection-rules/spamfraud-predatory-journalresearch-paper-request-263ca56b | |
Spam: Mastercard promotional content with image-based body | Sublime Security | 4mo ago Nov 5th, 2025 | /feeds/core/detection-rules/spam-mastercard-promotional-content-with-image-based-body-5f2cb559 | |
Spam: New job cold outreach from unsolicited sender | Sublime Security | 5mo ago Sep 29th, 2025 | /feeds/core/detection-rules/spam-new-job-cold-outreach-from-unsolicited-sender-ec39b789 | |
Spam: Sendersrv.com with financial communications and unsubscribe language | Sublime Security | 14d ago Feb 24th, 2026 | /feeds/core/detection-rules/spam-sendersrvcom-with-financial-communications-and-unsubscribe-language-69570820 | |
Spam: Website errors solicitation | Sublime Security | 2mo ago Dec 11th, 2025 | /feeds/core/detection-rules/spam-website-errors-solicitation-122ea794 | |
Spoofable internal domain with suspicious signals | Sublime Security | 7mo ago Jul 23rd, 2025 | /feeds/core/detection-rules/spoofable-internal-domain-with-suspicious-signals-40089d69 | |
Suspected lookalike domain with suspicious language | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/suspected-lookalike-domain-with-suspicious-language-3674ced0 | |
Suspicious attachment with unscannable Cloudflare link | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/suspicious-attachment-with-unscannable-cloudflare-link-00f92b6f | |
Suspicious invoice reference with missing or image-only attachments | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/suspicious-invoice-reference-with-missing-or-image-only-attachments-466c1680 | |
Suspicious newly registered reply-to domain with engaging financial or urgent language | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/suspicious-newly-registered-reply-to-domain-with-engaging-financial-or-urgent-language-db4d9bb3 | |
Suspicious recipient pattern and language with low reputation link to login | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/suspicious-recipient-pattern-and-language-with-low-reputation-link-to-login-a8ea0402 | |
Suspicious recipients pattern with NLU credential theft indicators | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/suspicious-recipients-pattern-with-nlu-credential-theft-indicators-8e121c3e | |
Suspicious recipients pattern with no Compauth pass and suspicious content | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/suspicious-recipients-pattern-with-no-compauth-pass-and-suspicious-content-34fb65f6 | |
Vendor compromise: GovDelivery message with suspicious link | Sublime Security | 7mo ago Aug 5th, 2025 | /feeds/core/detection-rules/vendor-compromise-govdelivery-message-with-suspicious-link-0d2d5172 | |
Vendor impersonation: Thread hijacking with typosquat domain | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/vendor-impersonation-thread-hijacking-with-typosquat-domain-9c2f38ed | |
Venmo payment request abuse | Sublime Security | 6mo ago Sep 5th, 2025 | /feeds/core/detection-rules/venmo-payment-request-abuse-4450639a | |
VIP Impersonation via Google Group relay with suspicious indicators | Sublime Security | 3mo ago Nov 12th, 2025 | /feeds/core/detection-rules/vip-impersonation-via-google-group-relay-with-suspicious-indicators-57f9cd3b | |
VIP impersonation with BEC language (near match, untrusted sender) | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/vip-impersonation-with-bec-language-near-match-untrusted-sender-303081da | |
VIP impersonation with charitable donation fraud | Sublime Security | 3mo ago Nov 12th, 2025 | /feeds/core/detection-rules/vip-impersonation-with-charitable-donation-fraud-35a56b8e | |
VIP impersonation with invoicing request | Sublime Security | 2y ago Apr 23rd, 2024 | /feeds/core/detection-rules/vip-impersonation-with-invoicing-request-a60f89a0 | |
VIP impersonation with urgent request (strict match, untrusted sender) | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/vip-impersonation-with-urgent-request-strict-match-untrusted-sender-0dd1fa60 | |
VIP impersonation with w2 request with reply-to mismatch | Sublime Security | 11d ago Feb 27th, 2026 | /feeds/core/detection-rules/vip-impersonation-with-w2-request-with-reply-to-mismatch-e7e73fad |