Rule Name & Severity | Author | Last Updated | Labels | |
|---|---|---|---|---|
Credential phishing link (unknown sender) | Sublime Security | 7mo ago Jul 16th, 2025 | /feeds/core/detection-rules/credential-phishing-link-unknown-sender-a278012b | |
Credential phishing: Onedrive impersonation | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/credential-phishing-onedrive-impersonation-1f990c92 | |
Credential phishing: Re-Authentication lure | Sublime Security | 4mo ago Oct 17th, 2025 | /feeds/core/detection-rules/credential-phishing-re-authentication-lure-2e45d3de | |
Credential phishing: 'Secure message' and engaging language | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/credential-phishing-secure-message-and-engaging-language-bd95a7b1 | |
Credential phishing: Suspicious e-sign agreement document notification | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/credential-phishing-suspicious-e-sign-agreement-document-notification-9b68c2d8 | |
Credential phishing: Suspicious subject with urgent financial request and link | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/credential-phishing-suspicious-subject-with-urgent-financial-request-and-link-056464f4 | |
Credential phishing: Tax form impersonation with payment request | Sublime Security | 25d ago Feb 13th, 2026 | /feeds/core/detection-rules/credential-phishing-tax-form-impersonation-with-payment-request-717695cf | |
Credential Phishing via Dropbox comment abuse | Sublime Security | 5mo ago Sep 22nd, 2025 | /feeds/core/detection-rules/credential-phishing-via-dropbox-comment-abuse-744d494d | |
Credential theft with 'safe content' deception and social engineering topics | Sublime Security | 13d ago Feb 25th, 2026 | /feeds/core/detection-rules/credential-theft-with-safe-content-deception-and-social-engineering-topics-22ceee0d | |
Cyrillic vowel substitution in subject or display name from unknown sender | Sublime Security | 7mo ago Jul 16th, 2025 | /feeds/core/detection-rules/cyrillic-vowel-substitution-in-subject-or-display-name-from-unknown-sender-74bc0b0c | |
Cyrillic vowel substitutions with suspicious subject from unknown sender | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/cyrillic-vowel-substitutions-with-suspicious-subject-from-unknown-sender-10251c3c | |
Deceptive Dropbox mention | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/deceptive-dropbox-mention-58a107bc | |
Display name and subject impersonation using recipient SLD (new sender) | Sublime Security | 7mo ago Jul 16th, 2025 | /feeds/core/detection-rules/display-name-and-subject-impersonation-using-recipient-sld-new-sender-cb2b3ed3 | |
Display Name Emoji with Financial Symbols | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/display-name-emoji-with-financial-symbols-f316f335 | |
Display name impersonation using recipient SLD | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/display-name-impersonation-using-recipient-sld-81a8ed12 | |
Domain impersonation: Freemail reply-to local lookalike with financial request | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/domain-impersonation-freemail-reply-to-local-lookalike-with-financial-request-43026a40 | |
EML attachment with credential theft language (unknown sender) | Sublime Security | 5mo ago Oct 3rd, 2025 | /feeds/core/detection-rules/eml-attachment-with-credential-theft-language-unknown-sender-00e06af1 | |
Employee impersonation: Payroll fraud | Sublime Security | 7mo ago Aug 5th, 2025 | /feeds/core/detection-rules/employee-impersonation-payroll-fraud-2beb7d85 | |
Employee impersonation with urgent request (untrusted sender) | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/employee-impersonation-with-urgent-request-untrusted-sender-1ce9a146 | |
Extortion / sextortion in attachment from untrusted sender | Sublime Security | 7mo ago Aug 5th, 2025 | /feeds/core/detection-rules/extortion-sextortion-in-attachment-from-untrusted-sender-3cb8d32c | |
Extortion / Sextortion - PDF attachment leveraging breach data from freemail sender | Sublime Security | 1y ago Feb 3rd, 2025 | /feeds/core/detection-rules/extortion-sextortion-pdf-attachment-leveraging-breach-data-from-freemail-sender-efb5a213 | |
Extortion / sextortion (untrusted sender) | Sublime Security | 1mo ago Jan 22nd, 2026 | /feeds/core/detection-rules/extortion-sextortion-untrusted-sender-265913eb | |
Fake email quarantine notification | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/fake-email-quarantine-notification-73f26a3d | |
Fake message thread - Untrusted sender with a mismatched freemail reply-to address | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/fake-message-thread-untrusted-sender-with-a-mismatched-freemail-reply-to-address-ca64e819 | |
Fake message thread with a suspicious link and engaging language from an unknown sender | Sublime Security | 3mo ago Nov 12th, 2025 | /feeds/core/detection-rules/fake-message-thread-with-a-suspicious-link-and-engaging-language-from-an-unknown-sender-8fd0e211 | |
Fake request for tax preparation | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/fake-request-for-tax-preparation-e36b85b3 | |
Fake scan-to-email message | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/fake-scan-to-email-message-78851fbe | |
Fake shipping notification with link to free file hosting | Sublime Security | 2y ago Jul 10th, 2024 | /feeds/core/detection-rules/fake-shipping-notification-with-link-to-free-file-hosting-6d3fe05e | |
Fake thread with suspicious indicators | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/fake-thread-with-suspicious-indicators-c2e18a57 | |
Fake voicemail notification (untrusted sender) | Sublime Security | 1mo ago Jan 22nd, 2026 | /feeds/core/detection-rules/fake-voicemail-notification-untrusted-sender-74ba7787 | |
Fake warning banner using confusable characters | Sublime Security | 8d ago Mar 2nd, 2026 | /feeds/core/detection-rules/fake-warning-banner-using-confusable-characters-179ee1ff | |
Fake Zoho Sign template abuse | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/fake-zoho-sign-template-abuse-785fd0d5 | |
Fake Zoom meeting invite with suspicious link | Sublime Security | 3mo ago Dec 1st, 2025 | /feeds/core/detection-rules/fake-zoom-meeting-invite-with-suspicious-link-aba95f23 | |
File sharing link with a suspicious subject | Sublime Security | 21d ago Feb 17th, 2026 | /feeds/core/detection-rules/file-sharing-link-with-a-suspicious-subject-a306e2a6 | |
Fraudulent e-commerce operators | Sublime Security | 7mo ago Aug 5th, 2025 | /feeds/core/detection-rules/fraudulent-e-commerce-operators-3776a6fc | |
Fraudulent order confirmation/shipping notification from Chinese sender domain | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/fraudulent-order-confirmationshipping-notification-from-chinese-sender-domain-4392a14e | |
Free email provider sender with mismatched provider reply-to | Sublime Security | 7mo ago Aug 5th, 2025 | /feeds/core/detection-rules/free-email-provider-sender-with-mismatched-provider-reply-to-fcd831d0 | |
Free subdomain link with login or captcha (untrusted sender) | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/free-subdomain-link-with-login-or-captcha-untrusted-sender-93288f82 | |
Generic service abuse from newly registered domain | Sublime Security | 7mo ago Aug 5th, 2025 | /feeds/core/detection-rules/generic-service-abuse-from-newly-registered-domain-0937b4c5 | |
Google Drive direct download link from unsolicited sender | Sublime Security | 7mo ago Jul 16th, 2025 | /feeds/core/detection-rules/google-drive-direct-download-link-from-unsolicited-sender-78a19343 | |
Google Notification alert link from non-Google sender | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/google-notification-alert-link-from-non-google-sender-a1c1acfd | |
Google presentation open redirect phishing | Sublime Security | 2mo ago Dec 11th, 2025 | /feeds/core/detection-rules/google-presentation-open-redirect-phishing-5d01ee3a | |
Hardbacon infrastructure abuse | Sublime Security | 2y ago Dec 20th, 2024 | /feeds/core/detection-rules/hardbacon-infrastructure-abuse-5330db42 | |
Headers: Fake in-reply-to with wildcard sender and missing thread context | Sublime Security | 1mo ago Jan 23rd, 2026 | /feeds/core/detection-rules/headers-fake-in-reply-to-with-wildcard-sender-and-missing-thread-context-89da670a | |
Headers: Invalid recipient domain with mismatched reply-to from new sender | Sublime Security | 3mo ago Nov 21st, 2025 | /feeds/core/detection-rules/headers-invalid-recipient-domain-with-mismatched-reply-to-from-new-sender-f375ded1 | |
Headers: System account impersonation with empty sender address | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/headers-system-account-impersonation-with-empty-sender-address-887f7953 | |
Honorific greeting BEC attempt with sender and reply-to mismatch | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/honorific-greeting-bec-attempt-with-sender-and-reply-to-mismatch-aa41b1b7 | |
HR impersonation via e-sign agreement comment | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/hr-impersonation-via-e-sign-agreement-comment-796c6f0f | |
HTML: Bidirectional (BIDI) HTML override with right to left obfuscation | Sublime Security | 4mo ago Oct 17th, 2025 | /feeds/core/detection-rules/html-bidirectional-bidi-html-override-with-right-to-left-obfuscation-f93940d2 | |
Image as content with a link to an open redirect (unsolicited) | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/image-as-content-with-a-link-to-an-open-redirect-unsolicited-f5cec36b |