Rule Name & Severity | Author | Last Updated | Labels | |
|---|---|---|---|---|
Service abuse: DocSend share from newly registered domain | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/service-abuse-docsend-share-from-newly-registered-domain-3bc152f2 | |
Service abuse: DocuSign notification with suspicious sender or document name | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/service-abuse-docusign-notification-with-suspicious-sender-or-document-name-5e4707cd | |
Service abuse: DocuSign share from an unsolicited reply-to address | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/service-abuse-docusign-share-from-an-unsolicited-reply-to-address-2f12d616 | |
Service abuse: Dropbox share from an unsolicited reply-to address | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/service-abuse-dropbox-share-from-an-unsolicited-reply-to-address-50a1499f | |
Service abuse: Dropbox share from new domain | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/service-abuse-dropbox-share-from-new-domain-0e664bd9 | |
Service abuse: Dropbox share with suspicious sender or document name | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/service-abuse-dropbox-share-with-suspicious-sender-or-document-name-27007c9f | |
Service Abuse: ExactTarget with suspicious sender indicators | Sublime Security | 2mo ago Nov 8th, 2025 | /feeds/core/detection-rules/service-abuse-exacttarget-with-suspicious-sender-indicators-6154f197 | |
Service abuse: Facebook business with action required subject | Sublime Security | 2mo ago Nov 17th, 2025 | /feeds/core/detection-rules/service-abuse-facebook-business-with-action-required-subject-64297d2f | |
Service abuse: Free provider with SendGrid routing | Sublime Security | 16d ago Jan 8th, 2026 | /feeds/core/detection-rules/service-abuse-free-provider-with-sendgrid-routing-3079cacb | |
Service abuse: GetAccept callback scam content | Sublime Security | 8d ago Jan 16th, 2026 | /feeds/core/detection-rules/service-abuse-getaccept-callback-scam-content-7ec2f70b | |
Service abuse: Google account notification with links to free file host | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/service-abuse-google-account-notification-with-links-to-free-file-host-59786115 | |
Service abuse: Google application integration redirecting to suspicious hosts | Sublime Security | 1mo ago Dec 17th, 2025 | /feeds/core/detection-rules/service-abuse-google-application-integration-redirecting-to-suspicious-hosts-473d3247 | |
Service abuse: Google classroom solicitation | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/service-abuse-google-classroom-solicitation-e9c39e92 | |
Service abuse: Google Drive share from an unsolicited reply-to address | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/service-abuse-google-drive-share-from-an-unsolicited-reply-to-address-4581ec0c | |
Service abuse: Google Drive share from new reply-to domain | Sublime Security | 2mo ago Nov 13th, 2025 | /feeds/core/detection-rules/service-abuse-google-drive-share-from-new-reply-to-domain-c1a2d367 | |
Service abuse: HelloSign from an unsolicited sender address | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/service-abuse-hellosign-from-an-unsolicited-sender-address-68ca0753 | |
Service Abuse: HelloSign share with suspicious sender or document name | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/service-abuse-hellosign-share-with-suspicious-sender-or-document-name-464d98f3 | |
Service abuse: Microsoft Power BI callback scam | Sublime Security | 2d ago Jan 22nd, 2026 | /feeds/core/detection-rules/service-abuse-microsoft-power-bi-callback-scam-7a55388e | |
Service abuse: Monday.com infrastructure with phishing intent | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/service-abuse-mondaycom-infrastructure-with-phishing-intent-a346e3b1 | |
Service Abuse: Nifty.com with impersonation | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/service-abuse-niftycom-with-impersonation-370cfdac | |
Service abuse: Payoneer callback scam | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/service-abuse-payoneer-callback-scam-b7fb174c | |
Service abuse: QuickBooks notification from new domain | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/service-abuse-quickbooks-notification-from-new-domain-c4f46473 | |
Service abuse: QuickBooks notification with suspicious comments | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/service-abuse-quickbooks-notification-with-suspicious-comments-a23d0950 | |
Service abuse: Random Google Firebase sender address with suspicious content | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/service-abuse-random-google-firebase-sender-address-with-suspicious-content-9f8899a9 | |
Service abuse: Recruiting with suspicious language patterns from legitimate platforms | Sublime Security | 3mo ago Oct 7th, 2025 | /feeds/core/detection-rules/service-abuse-recruiting-with-suspicious-language-patterns-from-legitimate-platforms-29e12696 | |
Service abuse: Roomsy with unrelated body content | Sublime Security | 1mo ago Dec 2nd, 2025 | /feeds/core/detection-rules/service-abuse-roomsy-with-unrelated-body-content-18e08a5a | |
Service abuse: Sendgrid credential theft with personalized request targeting single recipient | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/service-abuse-sendgrid-credential-theft-with-personalized-request-targeting-single-recipient-b9680da1 | |
Service abuse: SendGrid impersonation via Sendgrid from new sender | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/service-abuse-sendgrid-impersonation-via-sendgrid-from-new-sender-aa5d18ca | |
Service abuse: SendThisFile with credential theft and financial language | Sublime Security | 2mo ago Oct 27th, 2025 | /feeds/core/detection-rules/service-abuse-sendthisfile-with-credential-theft-and-financial-language-c1ebf25b | |
Service abuse: SurveyMonkey survey from newly registered domain | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/service-abuse-surveymonkey-survey-from-newly-registered-domain-50a85fa7 | |
Service abuse: Suspicious Zoom Docs link | Sublime Security | 1mo ago Dec 2nd, 2025 | /feeds/core/detection-rules/service-abuse-suspicious-zoom-docs-link-064b2594 | |
Service abuse: Task management message sent via SendGrid | Sublime Security | 3mo ago Oct 6th, 2025 | /feeds/core/detection-rules/service-abuse-task-management-message-sent-via-sendgrid-568a63f5 | |
Service abuse: Trello board invitation with VIP impersonation | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/service-abuse-trello-board-invitation-with-vip-impersonation-fedfc94b | |
Service abuse: Wix redirect through bulk mailer domains | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/service-abuse-wix-redirect-through-bulk-mailer-domains-60af216d | |
Sharepoint link likely unrelated to sender | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/sharepoint-link-likely-unrelated-to-sender-6870f489 | |
Sharepoint online with external recipients and external display name | @vector_sec | 3y ago Aug 17th, 2023 | /feeds/core/detection-rules/sharepoint-online-with-external-recipients-and-external-display-name-5579bb4b | |
Spam: Attendee list solicitation | Sublime Security | 4mo ago Aug 29th, 2025 | /feeds/core/detection-rules/spam-attendee-list-solicitation-69715b62 | |
Spam: Campaign with excessive space/char obfuscation and free file hosted link | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/spam-campaign-with-excessive-spacechar-obfuscation-and-free-file-hosted-link-122bc0ca | |
Spam: Commonly observed formatting of unauthorized free giveaways | Sublime Security | 10d ago Jan 14th, 2026 | /feeds/core/detection-rules/spam-commonly-observed-formatting-of-unauthorized-free-giveaways-8bc49fa3 | |
Spam: Default Microsoft Exchange Online sender domain (onmicrosoft.com) | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/spam-default-microsoft-exchange-online-sender-domain-onmicrosoftcom-3f2a64ce | |
Spam: Fake dating profile notification | Sublime Security | 1mo ago Dec 3rd, 2025 | /feeds/core/detection-rules/spam-fake-dating-profile-notification-0f33fea2 | |
Spam: Fake photo share | Sublime Security | 2mo ago Nov 8th, 2025 | /feeds/core/detection-rules/spam-fake-photo-share-eb086f7d | |
Spam: Firebase password reset from suspicious sender | Sublime Security | 1mo ago Dec 2nd, 2025 | /feeds/core/detection-rules/spam-firebase-password-reset-from-suspicious-sender-a2f673a9 | |
Spam/fraud: Predatory journal/research paper request | Sublime Security | 2mo ago Nov 3rd, 2025 | /feeds/core/detection-rules/spamfraud-predatory-journalresearch-paper-request-263ca56b | |
Spam: Ghostwriting services scam with manipulative language | Sublime Security | 3mo ago Oct 17th, 2025 | /feeds/core/detection-rules/spam-ghostwriting-services-scam-with-manipulative-language-b747c3ea | |
Spam: Image as content with hidden HTML element | Sublime Security | 15h ago Jan 23rd, 2026 | /feeds/core/detection-rules/spam-image-as-content-with-hidden-html-element-5de8861f | |
Spam: Item giveaway spam template | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/spam-item-giveaway-spam-template-06a5f93b | |
Spam: Link to blob.core.windows.net from new domain (<30d) | Sublime Security | 6mo ago Jul 16th, 2025 | /feeds/core/detection-rules/spam-link-to-blobcorewindowsnet-from-new-domain-less30d-a09b3800 | |
Spam: Mastercard promotional content with image-based body | Sublime Security | 2mo ago Nov 5th, 2025 | /feeds/core/detection-rules/spam-mastercard-promotional-content-with-image-based-body-5f2cb559 | |
Spam: New job cold outreach from unsolicited sender | Sublime Security | 3mo ago Sep 29th, 2025 | /feeds/core/detection-rules/spam-new-job-cold-outreach-from-unsolicited-sender-ec39b789 |