• Sublime Core Feed
High Severity

Attachment: Fake lawyer & sports agent identities

Labels

BEC/Fraud
Impersonation: VIP
Social engineering
Content analysis
Exif analysis
File analysis
Optical Character Recognition

Description

Detects messages containing attachments or content that reference known fake identities used in FC Barcelona scams, including fake lawyer Michael Gerardus Hermanus Demon and sports agents with the surname Giuffrida. The rule examines EXIF metadata, OCR text from attachments, and message body content for these specific identity markers.

References

No references.

Sublime Security
Created Jan 26th, 2026 • Last updated Jan 26th, 2026
Feed Source
Sublime Core Feed
Source
GitHub
type.inbound
and length(attachments) == 1
and beta.parse_exif(attachments[0]).creator == "Gabriele Giuffrida"
MQL Rule Console
DocsLearning Labs

Playground

Test against your own EMLs or sample data.

Share

Post about this on your socials.

Get Started. Today.

Managed or self-managed. No MX changes.

Get Started
Deploy and integrate a free Sublime instance in minutes.
Get Started