Sublime Security

Sublime Core Feed
BEC/Fraud
Learn More
Login to Sublime
Attack Types
BEC/Fraud
Callback Phishing
Credential Phishing
Extortion
Malware/Ransomware
Reconnaissance
Spam
Tactics and Techniques
Encryption
Evasion
Exploit
Free email provider
Free file host
Free subdomain host
HTML smuggling
ICS Phishing
Image as content
Impersonation: Brand
Impersonation: Employee
Impersonation: VIP
IPFS
ISO
LNK
Lookalike domain
Macros
OneNote
Open redirect
Out of band pivot
PDF
Punycode
QR code
Scripting
Social engineering
Spoofing
Detection Methods
Archive analysis
Content analysis
Computer Vision
Exif analysis
File analysis
Header analysis
HTML analysis
Javascript analysis
Macro analysis
Natural Language Understanding
Optical Character Recognition
OLE analysis
PDF analysis
QR code analysis
Sender analysis
Threat intelligence
URL analysis
URL screenshot
Whois
XML analysis
YARA
Attack Type: BEC/Fraud
Business Email Compromise (BEC) and fraud attacks rely on deception and social engineering. Instead of using links or attachments, attackers impersonate trusted figures like coworkers, executives, or vendors to trick you into sharing sensitive information or transferring funds. These attacks can bypass traditional security tools because the emails often seem harmless.
Expect fake invoices, urgent wire transfer requests, or a vendor asking you to update payment details. The first email is usually brief—just enough to start a conversation. The attacker might spoof a display name, reply to an old thread, or ask you to continue the conversation via personal email or phone. That is often the giveaway.
Even though these attacks may appear low-effort, the impact can be significant. They can lead to wire fraud, compliance violations, and damage to the organization's reputation. Organizations lose billions to BEC attacks each year.
Blog Posts
Hiding a $50,000 BEC financial fraud in a fake email thread · Blog · Sublime Security
Callback phishing via invoice abuse and distribution list relays · Blog · Sublime Security
B2B freight-forwarding scams on the rise to evade financial fraud crackdowns · Blog · Sublime Security
Detecting malicious AnonymousFox email messages sent from compromised sites · Blog · Sublime Security
Combating GenAI Email Attacks with BERT LLM · Blog · Sublime Security
Payroll Fraud via LLM-Generated Emails · Blog · Sublime Security
Fake invoice used to conduct $16,800 BEC attempt · Blog · Sublime Security
Unmasking BEC attacks using Natural Language Understanding + MQL · Blog · Sublime Security
Tactics & Techniques (22):
Social engineering
Impersonation: Domain
Impersonation: Email address
Impersonation: Brand
Evasion
Free email provider
Lookalike domain
Impersonation: Employee
Out of band pivot
Spoofing
Free subdomain host
Open redirect
ICS Phishing
Impersonation: VIP
Free file host
PDF
HTML injection
OneNote
Scripting
Encryption
Macros
QR code
Detection Methods (16):
Content analysis
Sender analysis
Header analysis
Natural Language Understanding
URL analysis
Whois
HTML analysis
Computer Vision
File analysis
Optical Character Recognition
Exif analysis
YARA
URL screenshot
Javascript analysis
Archive analysis
QR code analysis
Rule Name & Severity
Last Updated
Types, Tactics & Capabilities
Investor solicitation with organization targeting
4d ago
May 8th, 2026
Sublime Security
BEC/Fraud
Social engineering
Content analysis
BEC/Fraud
Social engineering
Content analysis
Observed IOC: Malicious sender domains
5d ago
May 7th, 2026
Sublime Security
BEC/Fraud
Credential Phishing
Malware/Ransomware
Social engineering
Sender analysis
Header analysis
BEC/Fraud
Credential Phishing
Malware/Ransomware
Social engineering
Sender analysis
Header analysis
Observed IOC: Malicious sender email addresses
5d ago
May 7th, 2026
Sublime Security
BEC/Fraud
Credential Phishing
Malware/Ransomware
Social engineering
Sender analysis
Header analysis
BEC/Fraud
Credential Phishing
Malware/Ransomware
Social engineering
Sender analysis
Header analysis
Business Email Compromise (BEC) with request for mobile number
5d ago
May 7th, 2026
Sublime Security
BEC/Fraud
Social engineering
Content analysis
Natural Language Understanding
Sender analysis
BEC/Fraud
Social engineering
Content analysis
Natural Language Understanding
Sender analysis
Suspicious newly registered reply-to domain with engaging financial or urgent language
6d ago
May 6th, 2026
Sublime Security
BEC/Fraud
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
URL analysis
Whois
BEC/Fraud
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
URL analysis
Whois
Brand impersonation: Trust Wallet
8d ago
May 4th, 2026
Sublime Security
BEC/Fraud
Credential Phishing
Impersonation: Brand
Social engineering
Natural Language Understanding
Sender analysis
Header analysis
BEC/Fraud
Credential Phishing
Impersonation: Brand
Social engineering
Natural Language Understanding
Sender analysis
Header analysis
Service abuse: Payoneer callback scam
8d ago
May 4th, 2026
Sublime Security
Callback Phishing
BEC/Fraud
Evasion
Social engineering
Sender analysis
Header analysis
Content analysis
Callback Phishing
BEC/Fraud
Evasion
Social engineering
Sender analysis
Header analysis
Content analysis
Observed IOC: Malicious sender root domains
8d ago
May 4th, 2026
Sublime Security
BEC/Fraud
Credential Phishing
Malware/Ransomware
Social engineering
Sender analysis
Header analysis
BEC/Fraud
Credential Phishing
Malware/Ransomware
Social engineering
Sender analysis
Header analysis
Impersonation: Suspected supplier impersonation with suspicious content
8d ago
May 4th, 2026
Sublime Security
BEC/Fraud
Evasion
Free email provider
Lookalike domain
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
URL analysis
Whois
BEC/Fraud
Evasion
Free email provider
Lookalike domain
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
URL analysis
Whois
Callback phishing: SumUp infrastructure abuse
8d ago
May 4th, 2026
Sublime Security
BEC/Fraud
Callback Phishing
Evasion
Social engineering
Content analysis
Header analysis
Sender analysis
BEC/Fraud
Callback Phishing
Evasion
Social engineering
Content analysis
Header analysis
Sender analysis
Canva infrastructure abuse
8d ago
May 4th, 2026
Sublime Security
BEC/Fraud
Callback Phishing
Social engineering
Impersonation: Brand
Impersonation: Employee
Free email provider
Natural Language Understanding
Sender analysis
Content analysis
BEC/Fraud
Callback Phishing
Social engineering
Impersonation: Brand
Impersonation: Employee
Free email provider
Natural Language Understanding
Sender analysis
Content analysis
PayPal invoice abuse
8d ago
May 4th, 2026
Sublime Security
BEC/Fraud
Callback Phishing
Evasion
Social engineering
Content analysis
Header analysis
Sender analysis
BEC/Fraud
Callback Phishing
Evasion
Social engineering
Content analysis
Header analysis
Sender analysis
Venmo payment request abuse
8d ago
May 4th, 2026
Sublime Security
Callback Phishing
BEC/Fraud
Social engineering
Impersonation: Brand
Evasion
Natural Language Understanding
Content analysis
Sender analysis
HTML analysis
Callback Phishing
BEC/Fraud
Social engineering
Impersonation: Brand
Evasion
Natural Language Understanding
Content analysis
Sender analysis
HTML analysis
Callback phishing via Zelle Service Abuse
8d ago
May 4th, 2026
Sublime Security
BEC/Fraud
Callback Phishing
Evasion
Social engineering
Content analysis
Header analysis
Sender analysis
BEC/Fraud
Callback Phishing
Evasion
Social engineering
Content analysis
Header analysis
Sender analysis
BEC/Fraud: Student loan callback phishing
8d ago
May 4th, 2026
Sublime Security
BEC/Fraud
Free email provider
Out of band pivot
Social engineering
Content analysis
Natural Language Understanding
Sender analysis
BEC/Fraud
Free email provider
Out of band pivot
Social engineering
Content analysis
Natural Language Understanding
Sender analysis
Employee impersonation: Payroll fraud
11d ago
May 1st, 2026
Sublime Security
BEC/Fraud
Impersonation: Employee
Free email provider
Social engineering
Content analysis
Sender analysis
BEC/Fraud
Impersonation: Employee
Free email provider
Social engineering
Content analysis
Sender analysis
Link: BEC with newly registered domains and financial keywords
11d ago
May 1st, 2026
Sublime Security
BEC/Fraud
Social engineering
Evasion
Spoofing
Header analysis
Sender analysis
URL analysis
BEC/Fraud
Social engineering
Evasion
Spoofing
Header analysis
Sender analysis
URL analysis
BEC/Fraud: Generic scam attempt to undisclosed recipients
12d ago
Apr 30th, 2026
Sublime Security
BEC/Fraud
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
BEC/Fraud
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
BEC/Fraud: Scam lure with freemail pivot
12d ago
Apr 30th, 2026
Sublime Security
BEC/Fraud
Free email provider
Out of band pivot
Content analysis
Header analysis
Sender analysis
BEC/Fraud
Free email provider
Out of band pivot
Content analysis
Header analysis
Sender analysis
BEC/Fraud: Penpal scam
12d ago
Apr 30th, 2026
Sublime Security
BEC/Fraud
Free email provider
Social engineering
Content analysis
Header analysis
Sender analysis
BEC/Fraud
Free email provider
Social engineering
Content analysis
Header analysis
Sender analysis
Page 1 of 9

Rule Name & Severity	Last Updated	Author	Types, Tactics & Capabilities
Investor solicitation with organization targeting	4d ago May 8th, 2026	Sublime Security	BEC/Fraud Social engineering Content analysis
Observed IOC: Malicious sender domains	5d ago May 7th, 2026	Sublime Security	BEC/Fraud Credential Phishing Malware/Ransomware Social engineering Sender analysis Header analysis
Observed IOC: Malicious sender email addresses	5d ago May 7th, 2026	Sublime Security	BEC/Fraud Credential Phishing Malware/Ransomware Social engineering Sender analysis Header analysis
Business Email Compromise (BEC) with request for mobile number	5d ago May 7th, 2026	Sublime Security	BEC/Fraud Social engineering Content analysis Natural Language Understanding Sender analysis
Suspicious newly registered reply-to domain with engaging financial or urgent language	6d ago May 6th, 2026	Sublime Security	BEC/Fraud Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis URL analysis Whois
Brand impersonation: Trust Wallet	8d ago May 4th, 2026	Sublime Security	BEC/Fraud Credential Phishing Impersonation: Brand Social engineering Natural Language Understanding Sender analysis Header analysis
Service abuse: Payoneer callback scam	8d ago May 4th, 2026	Sublime Security	Callback Phishing BEC/Fraud Evasion Social engineering Sender analysis Header analysis Content analysis
Observed IOC: Malicious sender root domains	8d ago May 4th, 2026	Sublime Security	BEC/Fraud Credential Phishing Malware/Ransomware Social engineering Sender analysis Header analysis
Impersonation: Suspected supplier impersonation with suspicious content	8d ago May 4th, 2026	Sublime Security	BEC/Fraud Evasion Free email provider Lookalike domain Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis URL analysis Whois
Callback phishing: SumUp infrastructure abuse	8d ago May 4th, 2026	Sublime Security	BEC/Fraud Callback Phishing Evasion Social engineering Content analysis Header analysis Sender analysis
Canva infrastructure abuse	8d ago May 4th, 2026	Sublime Security	BEC/Fraud Callback Phishing Social engineering Impersonation: Brand Impersonation: Employee Free email provider Natural Language Understanding Sender analysis Content analysis
PayPal invoice abuse	8d ago May 4th, 2026	Sublime Security	BEC/Fraud Callback Phishing Evasion Social engineering Content analysis Header analysis Sender analysis
Venmo payment request abuse	8d ago May 4th, 2026	Sublime Security	Callback Phishing BEC/Fraud Social engineering Impersonation: Brand Evasion Natural Language Understanding Content analysis Sender analysis HTML analysis
Callback phishing via Zelle Service Abuse	8d ago May 4th, 2026	Sublime Security	BEC/Fraud Callback Phishing Evasion Social engineering Content analysis Header analysis Sender analysis
BEC/Fraud: Student loan callback phishing	8d ago May 4th, 2026	Sublime Security	BEC/Fraud Free email provider Out of band pivot Social engineering Content analysis Natural Language Understanding Sender analysis
Employee impersonation: Payroll fraud	11d ago May 1st, 2026	Sublime Security	BEC/Fraud Impersonation: Employee Free email provider Social engineering Content analysis Sender analysis
Link: BEC with newly registered domains and financial keywords	11d ago May 1st, 2026	Sublime Security	BEC/Fraud Social engineering Evasion Spoofing Header analysis Sender analysis URL analysis
BEC/Fraud: Generic scam attempt to undisclosed recipients	12d ago Apr 30th, 2026	Sublime Security	BEC/Fraud Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis
BEC/Fraud: Scam lure with freemail pivot	12d ago Apr 30th, 2026	Sublime Security	BEC/Fraud Free email provider Out of band pivot Content analysis Header analysis Sender analysis
BEC/Fraud: Penpal scam	12d ago Apr 30th, 2026	Sublime Security	BEC/Fraud Free email provider Social engineering Content analysis Header analysis Sender analysis