Attack Type: BEC/Fraud

Business Email Compromise (BEC) and fraud attacks rely on deception and social engineering. Instead of using links or attachments, attackers impersonate trusted figures like coworkers, executives, or vendors to trick you into sharing sensitive information or transferring funds. These attacks can bypass traditional security tools because the emails often seem harmless.
Expect fake invoices, urgent wire transfer requests, or a vendor asking you to update payment details. The first email is usually brief—just enough to start a conversation. The attacker might spoof a display name, reply to an old thread, or ask you to continue the conversation via personal email or phone. That is often the giveaway.
Even though these attacks may appear low-effort, the impact can be significant. They can lead to wire fraud, compliance violations, and damage to the organization's reputation. Organizations lose billions to BEC attacks each year.
Blog Posts
Hiding a $50,000 BEC financial fraud in a fake email thread · Blog · Sublime Security
Hiding a $50,000 BEC financial fraud in a fake email thread · Blog · Sublime Security
Callback phishing via invoice abuse and distribution list relays · Blog · Sublime Security
Callback phishing via invoice abuse and distribution list relays · Blog · Sublime Security
B2B freight-forwarding scams on the rise to evade financial fraud crackdowns · Blog · Sublime Security
B2B freight-forwarding scams on the rise to evade financial fraud crackdowns · Blog · Sublime Security
Detecting malicious AnonymousFox email messages sent from compromised sites · Blog · Sublime Security
Detecting malicious AnonymousFox email messages sent from compromised sites · Blog · Sublime Security
Combating GenAI Email Attacks with BERT LLM · Blog · Sublime Security
Combating GenAI Email Attacks with BERT LLM · Blog · Sublime Security
Payroll Fraud via LLM-Generated Emails · Blog · Sublime Security
Payroll Fraud via LLM-Generated Emails · Blog · Sublime Security
Fake invoice used to conduct $16,800 BEC attempt · Blog · Sublime Security
Fake invoice used to conduct $16,800 BEC attempt · Blog · Sublime Security
Unmasking BEC attacks using Natural Language Understanding + MQL · Blog · Sublime Security
Unmasking BEC attacks using Natural Language Understanding + MQL · Blog · Sublime Security
Tactics & Techniques (19):
Evasion
Spoofing
Impersonation: VIP
Impersonation: Brand
Social engineering
Free email provider
Free subdomain host
Free file host
Impersonation: Employee
PDF
Lookalike domain
Out of band pivot
HTML injection
OneNote
Open redirect
Scripting
Encryption
Macros
QR code
Detection Methods (16):
Sender analysis
Content analysis
Header analysis
Natural Language Understanding
Optical Character Recognition
URL analysis
HTML analysis
File analysis
Whois
Exif analysis
YARA
Computer Vision
URL screenshot
Javascript analysis
Archive analysis
QR code analysis
Rule Name & Severity
Last Updated
Author
Types, Tactics & Capabilities
Sender: IP address in local part
2d ago
Mar 12th, 2026
Sublime Security
Spam
Credential Phishing
BEC/Fraud
Evasion
Spoofing
Sender analysis
VIP impersonation with w2 request with reply-to mismatch
2d ago
Mar 12th, 2026
Sublime Security
BEC/Fraud
Impersonation: VIP
Content analysis
Header analysis
Natural Language Understanding
Brand impersonation: SendGrid
2d ago
Mar 12th, 2026
Sublime Security
BEC/Fraud
Credential Phishing
Spam
Impersonation: Brand
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
BEC/Fraud: Reply-chain manipulation with urgent keywords and self-reply
3d ago
Mar 11th, 2026
Sublime Security
BEC/Fraud
Social engineering
Evasion
Content analysis
Header analysis
Sender analysis
Brand impersonation: McAfee
3d ago
Mar 11th, 2026
Sublime Security
Credential Phishing
BEC/Fraud
Callback Phishing
Impersonation: Brand
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
Impersonation: Legal firm with copyright infringement notice
4d ago
Mar 10th, 2026
Sublime Security
BEC/Fraud
Extortion
Impersonation: Brand
Social engineering
Content analysis
Header analysis
Sender analysis
BEC/Fraud: Romance scam
5d ago
Mar 9th, 2026
Sublime Security
BEC/Fraud
Free email provider
Social engineering
Content analysis
Header analysis
Request for Quote or Purchase (RFQ|RFP) with suspicious sender or recipient pattern
5d ago
Mar 9th, 2026
Sublime Security
BEC/Fraud
Evasion
Free email provider
Content analysis
Natural Language Understanding
URL analysis
Link: Google Drawings link from new sender
5d ago
Mar 9th, 2026
Sublime Security
Credential Phishing
BEC/Fraud
Social engineering
URL analysis
Sender analysis
Suspicious display name: Gmail sender with engaging language
8d ago
Mar 6th, 2026
Sublime Security
BEC/Fraud
Credential Phishing
Social engineering
Sender analysis
Service abuse: Nylas tracking subdomain with suspicious content
8d ago
Mar 6th, 2026
Sublime Security
BEC/Fraud
Credential Phishing
Evasion
Social engineering
Content analysis
Natural Language Understanding
URL analysis
Service abuse: HungerRush domain with SendGrid tracking targeting ProtonMail
10d ago
Mar 4th, 2026
Sublime Security
BEC/Fraud
Evasion
Sender analysis
HTML analysis
Content analysis
BEC with unusual reply-to or return-path mismatch
11d ago
Mar 3rd, 2026
Sublime Security
BEC/Fraud
Evasion
Free email provider
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
Fake warning banner using confusable characters
12d ago
Mar 2nd, 2026
Sublime Security
BEC/Fraud
Credential Phishing
Evasion
Social engineering
Content analysis
VIP / Executive impersonation (strict match, untrusted)
17d ago
Feb 25th, 2026
Sublime Security
BEC/Fraud
Impersonation: VIP
Header analysis
Sender analysis
Tax Form: W-8BEN solicitation
19d ago
Feb 23rd, 2026
Sublime Security
BEC/Fraud
Credential Phishing
Social engineering
Content analysis
Header analysis
URL analysis
Reconnaissance: Email address harvesting attempt
19d ago
Feb 23rd, 2026
Sublime Security
BEC/Fraud
Credential Phishing
Spam
Free email provider
Social engineering
Content analysis
Header analysis
Sender analysis
URL analysis
Link: WordPress login page with Blogspot Binance scam
25d ago
Feb 17th, 2026
Sublime Security
Credential Phishing
BEC/Fraud
Social engineering
Free subdomain host
Impersonation: Brand
Content analysis
URL analysis
Link: Hotel booking spoofed display URL
25d ago
Feb 17th, 2026
Sublime Security
BEC/Fraud
Credential Phishing
Evasion
Social engineering
URL analysis
Sender analysis
File sharing link with a suspicious subject
25d ago
Feb 17th, 2026
Sublime Security
BEC/Fraud
Free file host
Social engineering
Header analysis
Sender analysis
URL analysis
Page 1 of 9