Medium Severity

Service abuse: Google Groups callback scam

Labels

Callback Phishing
Free email provider
Social engineering
Natural Language Understanding
Sender analysis

Description

Detects inbound messages originating from Google Groups that contain high-confidence callback scam content, identifying abuse of the legitimate service to distribute fraudulent callback requests.

References

No references.

Sublime Security
Created Jun 4th, 2026 • Last updated Jun 4th, 2026
Feed Source
Sublime Core Feed
Source
GitHub
type.inbound
and sender.email.domain.domain == "groups.google.com"
and any(ml.nlu_classifier(body.current_thread.text).intents,
        .name == "callback_scam" and .confidence == "high"
)
MQL Rule Console
DocsLearning Labs

Playground

Test against your own EMLs or sample data.

Share

Post about this on your socials.

Get Started. Today.

Managed or self-managed. No MX changes.

Get Started
Deploy and integrate a free Sublime instance in minutes.
Get Started