Rule Name & Severity | Author | Last Updated | Labels | |
|---|---|---|---|---|
Attachment with VBA macros from employee impersonation (unsolicited) | Sublime Security | 5mo ago Jul 16th, 2025 | /feeds/core/detection-rules/attachment-with-vba-macros-from-employee-impersonation-unsolicited-9b262123 | |
BEC: Employee impersonation with subject manipulation | Sublime Security | 5mo ago Jul 16th, 2025 | /feeds/core/detection-rules/bec-employee-impersonation-with-subject-manipulation-9adfc77b | |
Benefits enrollment impersonation | Sublime Security | 4mo ago Aug 5th, 2025 | /feeds/core/detection-rules/benefits-enrollment-impersonation-5a6eb5a8 | |
Canva infrastructure abuse | Sublime Security | 3mo ago Sep 5th, 2025 | /feeds/core/detection-rules/canva-infrastructure-abuse-b69fdb5c | |
Credential phishing: Generic document sharing | Sublime Security | 13d ago Dec 8th, 2025 | /feeds/core/detection-rules/credential-phishing-generic-document-sharing-9f0e1d2c | |
Employee impersonation: Payroll fraud | Sublime Security | 4mo ago Aug 5th, 2025 | /feeds/core/detection-rules/employee-impersonation-payroll-fraud-2beb7d85 | |
Employee impersonation with urgent request (untrusted sender) | Sublime Security | 5mo ago Jul 8th, 2025 | /feeds/core/detection-rules/employee-impersonation-with-urgent-request-untrusted-sender-1ce9a146 | |
Headers: System account impersonation with empty sender address | Sublime Security | 2mo ago Oct 1st, 2025 | /feeds/core/detection-rules/headers-system-account-impersonation-with-empty-sender-address-887f7953 | |
Impersonation: Human Resources with link or attachment and engaging language | Sublime Security | 5mo ago Jul 16th, 2025 | /feeds/core/detection-rules/impersonation-human-resources-with-link-or-attachment-and-engaging-language-8c95a6a8 | |
Impersonation: Internal corporate services | Sublime Security | 1mo ago Nov 18th, 2025 | /feeds/core/detection-rules/impersonation-internal-corporate-services-3cd04f33 | |
Link: HR impersonation with suspicious domain indicators and credential theft | Sublime Security | 18d ago Dec 3rd, 2025 | /feeds/core/detection-rules/link-hr-impersonation-with-suspicious-domain-indicators-and-credential-theft-f31f8831 | |
Link: SharePoint filename matches org name | Sublime Security | 2mo ago Sep 26th, 2025 | /feeds/core/detection-rules/link-sharepoint-filename-matches-org-name-cb954726 | |
Service Abuse: Box file sharing with credential phishing intent | Sublime Security | 3mo ago Sep 4th, 2025 | /feeds/core/detection-rules/service-abuse-box-file-sharing-with-credential-phishing-intent-5bd0cb25 | |
Sharepoint link likely unrelated to sender | Sublime Security | 3mo ago Sep 19th, 2025 | /feeds/core/detection-rules/sharepoint-link-likely-unrelated-to-sender-6870f489 | |
Suspicious attachment with unscannable Cloudflare link | Sublime Security | 5mo ago Jul 16th, 2025 | /feeds/core/detection-rules/suspicious-attachment-with-unscannable-cloudflare-link-00f92b6f | |
Suspicious request for financial information | Sublime Security | 15d ago Dec 6th, 2025 | /feeds/core/detection-rules/suspicious-request-for-financial-information-4ebdaa4d | |
VIP Impersonation via Google Group relay with suspicious indicators | Sublime Security | 1mo ago Nov 12th, 2025 | /feeds/core/detection-rules/vip-impersonation-via-google-group-relay-with-suspicious-indicators-57f9cd3b | |
VIP impersonation with charitable donation fraud | Sublime Security | 1mo ago Nov 12th, 2025 | /feeds/core/detection-rules/vip-impersonation-with-charitable-donation-fraud-35a56b8e | |
Xero invoice abuse | Sublime Security | 4d ago Dec 17th, 2025 | /feeds/core/detection-rules/xero-invoice-abuse-6538c600 |