Sublime Security

Sublime Core Feed
BEC/Fraud
Learn More
Login to Sublime
Attack Types
BEC/Fraud
Callback Phishing
Credential Phishing
Extortion
Malware/Ransomware
Reconnaissance
Spam
Tactics and Techniques
Encryption
Evasion
Exploit
Free email provider
Free file host
Free subdomain host
HTML smuggling
Image as content
Impersonation: Brand
Impersonation: Employee
Impersonation: VIP
IPFS
ISO
LNK
Lookalike domain
Macros
OneNote
Open redirect
Out of band pivot
PDF
Punycode
QR code
Scripting
Social engineering
Spoofing
Detection Methods
Archive analysis
Content analysis
Computer Vision
Exif analysis
File analysis
Header analysis
HTML analysis
Javascript analysis
Macro analysis
Natural Language Understanding
Optical Character Recognition
OLE analysis
PDF analysis
QR code analysis
Sender analysis
Threat intelligence
URL analysis
URL screenshot
Whois
XML analysis
YARA
Attack Type: BEC/Fraud
Business Email Compromise (BEC) and fraud attacks rely on deception and social engineering. Instead of using links or attachments, attackers impersonate trusted figures like coworkers, executives, or vendors to trick you into sharing sensitive information or transferring funds. These attacks can bypass traditional security tools because the emails often seem harmless.
Expect fake invoices, urgent wire transfer requests, or a vendor asking you to update payment details. The first email is usually brief—just enough to start a conversation. The attacker might spoof a display name, reply to an old thread, or ask you to continue the conversation via personal email or phone. That is often the giveaway.
Even though these attacks may appear low-effort, the impact can be significant. They can lead to wire fraud, compliance violations, and damage to the organization's reputation. Organizations lose billions to BEC attacks each year.
Blog Posts
Hiding a $50,000 BEC financial fraud in a fake email thread · Blog · Sublime Security
Callback phishing via invoice abuse and distribution list relays · Blog · Sublime Security
B2B freight-forwarding scams on the rise to evade financial fraud crackdowns · Blog · Sublime Security
Detecting malicious AnonymousFox email messages sent from compromised sites · Blog · Sublime Security
Combating GenAI Email Attacks with BERT LLM · Blog · Sublime Security
Payroll Fraud via LLM-Generated Emails · Blog · Sublime Security
Fake invoice used to conduct $16,800 BEC attempt · Blog · Sublime Security
Unmasking BEC attacks using Natural Language Understanding + MQL · Blog · Sublime Security
Tactics & Techniques (19):
Impersonation: Brand
Social engineering
Free email provider
Free file host
Free subdomain host
Evasion
Open redirect
Impersonation: VIP
Spoofing
PDF
Lookalike domain
Impersonation: Employee
Out of band pivot
HTML injection
OneNote
Scripting
Encryption
Macros
QR code
Detection Methods (16):
Content analysis
Header analysis
Sender analysis
Whois
Natural Language Understanding
URL analysis
File analysis
Optical Character Recognition
Exif analysis
YARA
HTML analysis
Computer Vision
URL screenshot
Javascript analysis
Archive analysis
QR code analysis
Rule Name & Severity
Last Updated
Types, Tactics & Capabilities
BEC/Fraud: Urgent language and suspicious sending/infrastructure patterns
3d ago
Apr 17th, 2026
Sublime Security
BEC/Fraud
Callback Phishing
Spam
Impersonation: Brand
Social engineering
Free email provider
Content analysis
Header analysis
Sender analysis
Whois
BEC/Fraud
Callback Phishing
Spam
Impersonation: Brand
Social engineering
Free email provider
Content analysis
Header analysis
Sender analysis
Whois
Advance Fee Fraud (AFF) from freemail provider or suspicious TLD
6d ago
Apr 14th, 2026
Sublime Security
BEC/Fraud
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
BEC/Fraud
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
Link: Tax document lure Portuguese/Spanish with suspicious domains
6d ago
Apr 14th, 2026
Sublime Security
BEC/Fraud
Credential Phishing
Malware/Ransomware
Free file host
Free subdomain host
Social engineering
Content analysis
URL analysis
Whois
BEC/Fraud
Credential Phishing
Malware/Ransomware
Free file host
Free subdomain host
Social engineering
Content analysis
URL analysis
Whois
Link: Shortened URL with fragment matching subject
11d ago
Apr 9th, 2026
Sublime Security
Credential Phishing
BEC/Fraud
Evasion
Social engineering
Content analysis
URL analysis
Header analysis
Credential Phishing
BEC/Fraud
Evasion
Social engineering
Content analysis
URL analysis
Header analysis
Brand impersonation: McAfee
11d ago
Apr 9th, 2026
Sublime Security
Credential Phishing
BEC/Fraud
Callback Phishing
Impersonation: Brand
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
Credential Phishing
BEC/Fraud
Callback Phishing
Impersonation: Brand
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
Attachment: Calendar invite with Google redirect and invoice request
12d ago
Apr 8th, 2026
Sublime Security
Credential Phishing
BEC/Fraud
Open redirect
Social engineering
File analysis
Natural Language Understanding
URL analysis
Credential Phishing
BEC/Fraud
Open redirect
Social engineering
File analysis
Natural Language Understanding
URL analysis
Body: PayApp transaction reference pattern
13d ago
Apr 7th, 2026
Sublime Security
Callback Phishing
BEC/Fraud
Impersonation: Brand
Social engineering
Content analysis
Callback Phishing
BEC/Fraud
Impersonation: Brand
Social engineering
Content analysis
VIP impersonation: Fake thread with display name match, email mismatch
17d ago
Apr 3rd, 2026
Sublime Security
BEC/Fraud
Evasion
Impersonation: VIP
Social engineering
Spoofing
Content analysis
Header analysis
Sender analysis
Whois
BEC/Fraud
Evasion
Impersonation: VIP
Social engineering
Spoofing
Content analysis
Header analysis
Sender analysis
Whois
Attachment: Legal themed message or PDF with suspicious indicators
17d ago
Apr 3rd, 2026
Sublime Security
Credential Phishing
Extortion
BEC/Fraud
Evasion
PDF
Social engineering
Content analysis
File analysis
Natural Language Understanding
Optical Character Recognition
URL analysis
Whois
Header analysis
Exif analysis
Credential Phishing
Extortion
BEC/Fraud
Evasion
PDF
Social engineering
Content analysis
File analysis
Natural Language Understanding
Optical Character Recognition
URL analysis
Whois
Header analysis
Exif analysis
Impersonation: Social Security Administration (SSA)
19d ago
Apr 1st, 2026
Sublime Security
BEC/Fraud
Credential Phishing
Impersonation: Brand
Social engineering
Content analysis
Sender analysis
URL analysis
BEC/Fraud
Credential Phishing
Impersonation: Brand
Social engineering
Content analysis
Sender analysis
URL analysis
Link: RFI document reference pattern in display text
19d ago
Apr 1st, 2026
Sublime Security
BEC/Fraud
Social engineering
Content analysis
URL analysis
BEC/Fraud
Social engineering
Content analysis
URL analysis
Credential phishing: Generic document share template
20d ago
Mar 31st, 2026
Sublime Security
BEC/Fraud
Credential Phishing
Social engineering
Evasion
Content analysis
Natural Language Understanding
BEC/Fraud
Credential Phishing
Social engineering
Evasion
Content analysis
Natural Language Understanding
Business Email Compromise: Request for mobile number via reply thread hijacking
20d ago
Mar 31st, 2026
Sublime Security
BEC/Fraud
Social engineering
Content analysis
Natural Language Understanding
Sender analysis
BEC/Fraud
Social engineering
Content analysis
Natural Language Understanding
Sender analysis
Attachment: PDF bid/proposal lure with credential theft indicators
24d ago
Mar 27th, 2026
Sublime Security
BEC/Fraud
Credential Phishing
PDF
Social engineering
Free file host
Free subdomain host
File analysis
Content analysis
Optical Character Recognition
Natural Language Understanding
URL analysis
Exif analysis
BEC/Fraud
Credential Phishing
PDF
Social engineering
Free file host
Free subdomain host
File analysis
Content analysis
Optical Character Recognition
Natural Language Understanding
URL analysis
Exif analysis
Business Email Compromise (BEC) with request for mobile number
25d ago
Mar 26th, 2026
Sublime Security
BEC/Fraud
Social engineering
Content analysis
Natural Language Understanding
Sender analysis
BEC/Fraud
Social engineering
Content analysis
Natural Language Understanding
Sender analysis
Lookalike sender domain (untrusted sender)
26d ago
Mar 25th, 2026
Sublime Security
BEC/Fraud
Credential Phishing
Malware/Ransomware
Lookalike domain
Social engineering
Sender analysis
BEC/Fraud
Credential Phishing
Malware/Ransomware
Lookalike domain
Social engineering
Sender analysis
VIP impersonation with urgent request (strict match, untrusted sender)
26d ago
Mar 25th, 2026
Sublime Security
BEC/Fraud
Impersonation: VIP
Social engineering
Content analysis
Content analysis
Natural Language Understanding
Sender analysis
BEC/Fraud
Impersonation: VIP
Social engineering
Content analysis
Content analysis
Natural Language Understanding
Sender analysis
VIP impersonation with BEC language (near match, untrusted sender)
26d ago
Mar 25th, 2026
Sublime Security
BEC/Fraud
Impersonation: VIP
Social engineering
Content analysis
Natural Language Understanding
Sender analysis
BEC/Fraud
Impersonation: VIP
Social engineering
Content analysis
Natural Language Understanding
Sender analysis
Brand Impersonation: Procore
1mo ago
Mar 20th, 2026
Sublime Security
BEC/Fraud
Credential Phishing
Impersonation: Brand
Social engineering
Content analysis
Sender analysis
BEC/Fraud
Credential Phishing
Impersonation: Brand
Social engineering
Content analysis
Sender analysis
Attachment: PDF contains W9 or invoice YARA signatures
1mo ago
Mar 18th, 2026
Sublime Security
BEC/Fraud
Credential Phishing
PDF
Social engineering
File analysis
YARA
BEC/Fraud
Credential Phishing
PDF
Social engineering
File analysis
YARA
Page 1 of 9

Rule Name & Severity	Last Updated	Author	Types, Tactics & Capabilities
BEC/Fraud: Urgent language and suspicious sending/infrastructure patterns	3d ago Apr 17th, 2026	Sublime Security	BEC/Fraud Callback Phishing Spam Impersonation: Brand Social engineering Free email provider Content analysis Header analysis Sender analysis Whois
Advance Fee Fraud (AFF) from freemail provider or suspicious TLD	6d ago Apr 14th, 2026	Sublime Security	BEC/Fraud Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis
Link: Tax document lure Portuguese/Spanish with suspicious domains	6d ago Apr 14th, 2026	Sublime Security	BEC/Fraud Credential Phishing Malware/Ransomware Free file host Free subdomain host Social engineering Content analysis URL analysis Whois
Link: Shortened URL with fragment matching subject	11d ago Apr 9th, 2026	Sublime Security	Credential Phishing BEC/Fraud Evasion Social engineering Content analysis URL analysis Header analysis
Brand impersonation: McAfee	11d ago Apr 9th, 2026	Sublime Security	Credential Phishing BEC/Fraud Callback Phishing Impersonation: Brand Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis
Attachment: Calendar invite with Google redirect and invoice request	12d ago Apr 8th, 2026	Sublime Security	Credential Phishing BEC/Fraud Open redirect Social engineering File analysis Natural Language Understanding URL analysis
Body: PayApp transaction reference pattern	13d ago Apr 7th, 2026	Sublime Security	Callback Phishing BEC/Fraud Impersonation: Brand Social engineering Content analysis
VIP impersonation: Fake thread with display name match, email mismatch	17d ago Apr 3rd, 2026	Sublime Security	BEC/Fraud Evasion Impersonation: VIP Social engineering Spoofing Content analysis Header analysis Sender analysis Whois
Attachment: Legal themed message or PDF with suspicious indicators	17d ago Apr 3rd, 2026	Sublime Security	Credential Phishing Extortion BEC/Fraud Evasion PDF Social engineering Content analysis File analysis Natural Language Understanding Optical Character Recognition URL analysis Whois Header analysis Exif analysis
Impersonation: Social Security Administration (SSA)	19d ago Apr 1st, 2026	Sublime Security	BEC/Fraud Credential Phishing Impersonation: Brand Social engineering Content analysis Sender analysis URL analysis
Link: RFI document reference pattern in display text	19d ago Apr 1st, 2026	Sublime Security	BEC/Fraud Social engineering Content analysis URL analysis
Credential phishing: Generic document share template	20d ago Mar 31st, 2026	Sublime Security	BEC/Fraud Credential Phishing Social engineering Evasion Content analysis Natural Language Understanding
Business Email Compromise: Request for mobile number via reply thread hijacking	20d ago Mar 31st, 2026	Sublime Security	BEC/Fraud Social engineering Content analysis Natural Language Understanding Sender analysis
Attachment: PDF bid/proposal lure with credential theft indicators	24d ago Mar 27th, 2026	Sublime Security	BEC/Fraud Credential Phishing PDF Social engineering Free file host Free subdomain host File analysis Content analysis Optical Character Recognition Natural Language Understanding URL analysis Exif analysis
Business Email Compromise (BEC) with request for mobile number	25d ago Mar 26th, 2026	Sublime Security	BEC/Fraud Social engineering Content analysis Natural Language Understanding Sender analysis
Lookalike sender domain (untrusted sender)	26d ago Mar 25th, 2026	Sublime Security	BEC/Fraud Credential Phishing Malware/Ransomware Lookalike domain Social engineering Sender analysis
VIP impersonation with urgent request (strict match, untrusted sender)	26d ago Mar 25th, 2026	Sublime Security	BEC/Fraud Impersonation: VIP Social engineering Content analysis Content analysis Natural Language Understanding Sender analysis
VIP impersonation with BEC language (near match, untrusted sender)	26d ago Mar 25th, 2026	Sublime Security	BEC/Fraud Impersonation: VIP Social engineering Content analysis Natural Language Understanding Sender analysis
Brand Impersonation: Procore	1mo ago Mar 20th, 2026	Sublime Security	BEC/Fraud Credential Phishing Impersonation: Brand Social engineering Content analysis Sender analysis
Attachment: PDF contains W9 or invoice YARA signatures	1mo ago Mar 18th, 2026	Sublime Security	BEC/Fraud Credential Phishing PDF Social engineering File analysis YARA