• Sublime Core Feed
Medium Severity

Brand impersonation: Purdue ePlanroom with suspicious links

Labels

Credential Phishing
BEC/Fraud
Impersonation: Brand
Social engineering
Content analysis
Sender analysis
URL analysis

Description

Detects messages impersonating Purdue ePlanroom with links that either not from the legitimate reprographix.com domain or contain suspicious credential theft indicators.

References

No references.

Sublime Security
Created Dec 2nd, 2025 • Last updated Dec 2nd, 2025
Feed Source
Sublime Core Feed
Source
GitHub
type.inbound
and strings.icontains(body.current_thread.text, "Purdue ePlanroom")
and (
  any(filter(body.links, strings.contains(.display_text, "Review This Project")),
      .href_url.domain.root_domain != "reprographix.com"
  )
  or any(body.links, ml.link_analysis(.).credphish.disposition == "phishing")
)
and not (
  sender.email.domain.root_domain == "reprographix.com"
  and headers.auth_summary.dmarc.pass
)
MQL Rule Console
DocsLearning Labs

Playground

Test against your own EMLs or sample data.

Share

Post about this on your socials.

Get Started. Today.

Managed or self-managed. No MX changes.

Get Started
Deploy and integrate a free Sublime instance in minutes.
Get Started