| Rule Name & Severity | Author | Last Updated | Labels | |
|---|---|---|---|---|
| Suspicious newly registered reply-to domain with engaging financial or urgent language | Sublime Security | Jan 12th, 2026 | /feeds/core/detection-rules/suspicious-newly-registered-reply-to-domain-with-engaging-financial-or-urgent-language-db4d9bb3 | |
| Suspicious recipient pattern and language with low reputation link to login | Sublime Security | Jan 12th, 2026 | /feeds/core/detection-rules/suspicious-recipient-pattern-and-language-with-low-reputation-link-to-login-a8ea0402 | |
| Suspicious request for financial information | Sublime Security | Dec 6th, 2025 | /feeds/core/detection-rules/suspicious-request-for-financial-information-4ebdaa4d | |
| Truth Social infrastructure abuse via link redirect | Sublime Security | Jul 16th, 2025 | /feeds/core/detection-rules/truth-social-infrastructure-abuse-via-link-redirect-aaaa30a8 | |
| Twitter infrastructure abuse via link shortener | Sublime Security | Jul 16th, 2025 | /feeds/core/detection-rules/twitter-infrastructure-abuse-via-link-shortener-99ca165e | |
| URL with Unicode U+2044 (⁄) or U+2215 (∕) characters | @delivr_to | Jan 12th, 2026 | /feeds/core/detection-rules/url-with-unicode-u2044-or-u2215-characters-12069f5b | |
| Vendor compromise: GovDelivery message with suspicious link | Sublime Security | Aug 5th, 2025 | /feeds/core/detection-rules/vendor-compromise-govdelivery-message-with-suspicious-link-0d2d5172 | |
| Vendor impersonation: Thread hijacking with typosquat domain | Sublime Security | Jan 12th, 2026 | /feeds/core/detection-rules/vendor-impersonation-thread-hijacking-with-typosquat-domain-9c2f38ed | |
| Venmo payment request abuse | Sublime Security | Sep 5th, 2025 | /feeds/core/detection-rules/venmo-payment-request-abuse-4450639a | |
| VIP impersonation: Fake thread with display name match, email mismatch | Sublime Security | Jan 12th, 2026 | /feeds/core/detection-rules/vip-impersonation-fake-thread-with-display-name-match-email-mismatch-11cc3e28 | |
| VIP Impersonation via Google Group relay with suspicious indicators | Sublime Security | Nov 12th, 2025 | /feeds/core/detection-rules/vip-impersonation-via-google-group-relay-with-suspicious-indicators-57f9cd3b | |
| VIP impersonation with BEC language (near match, untrusted sender) | Sublime Security | Jan 12th, 2026 | /feeds/core/detection-rules/vip-impersonation-with-bec-language-near-match-untrusted-sender-303081da | |
| VIP impersonation with charitable donation fraud | Sublime Security | Nov 12th, 2025 | /feeds/core/detection-rules/vip-impersonation-with-charitable-donation-fraud-35a56b8e | |
| VIP impersonation with urgent request (strict match, untrusted sender) | Sublime Security | Jan 12th, 2026 | /feeds/core/detection-rules/vip-impersonation-with-urgent-request-strict-match-untrusted-sender-0dd1fa60 | |
| Xero infrastructure abuse | Sublime Security | Nov 3rd, 2025 | /feeds/core/detection-rules/xero-infrastructure-abuse-918c4bd3 | |
| Xero invoice abuse | Sublime Security | Dec 17th, 2025 | /feeds/core/detection-rules/xero-invoice-abuse-6538c600 | |
| X (Twitter) impersonation with credential phishing motives | Sublime Security | Aug 5th, 2025 | /feeds/core/detection-rules/x-twitter-impersonation-with-credential-phishing-motives-0b60dca6 | |
| Zoom Events newsletter abuse | Sublime Security | Jan 12th, 2026 | /feeds/core/detection-rules/zoom-events-newsletter-abuse-c8fce846 | |