Detection Method: Content analysis

Content analysis looks at the language and structure of a message to identify signs of phishing, social engineering, and other malicious intent. Instead of scanning for keywords, this method uses natural language understanding (NLU) to detect meaning, intent, and tone across the message.
Content analysis helps detect:
  • BEC attempts with urgent messages from executive impersonators
  • Credential phishing disguised as login or document notifications
  • Callback scams posing as account renewals or fake support
  • Extortion threats or blackmail messages
  • Financial or personal data requests in suspicious contexts
  • Fake job offers targeting employees
  • Invoice fraud, payroll fraud, and more
For example, a phishing email may impersonate a CFO asking for a wire transfer. Content analysis can flag the urgent tone, financial context, and impersonation attempt.
Rule Name & Severity
Last Updated
Author
Types, Tactics & Capabilities
Brand impersonation: Punchbowl
14h ago
Jul 15th, 2026
Sublime Security
Link: Free file host link with 'Important Viewing Note' lure
19h ago
Jul 15th, 2026
Sublime Security
Brand impersonation: Internal Revenue Service
2d ago
Jul 14th, 2026
Sublime Security
Attachment: PDF with suspicious document view lure
2d ago
Jul 14th, 2026
Sublime Security
Business Email Compromise (BEC) with request for mobile number
2d ago
Jul 14th, 2026
Sublime Security
Credential phishing: Generic document share with unicode and proceedural greeting template
2d ago
Jul 14th, 2026
Sublime Security
Link: Fraudulent state business filing notice
2d ago
Jul 14th, 2026
Sublime Security
Service abuse: Microsoft Forms Pro with suspicious links or QR codes
2d ago
Jul 14th, 2026
Sublime Security
Brand impersonation: Government / Tax Authority document lure
2d ago
Jul 14th, 2026
Sublime Security
Service abuse: Notion free-tier account impersonating VIP
2d ago
Jul 14th, 2026
Sublime Security
VIP impersonation: VIP payment redirect handoff via fake threads
3d ago
Jul 13th, 2026
Sublime Security
VIP impersonation: Payment handoff with VIP display name authored fake threads
3d ago
Jul 13th, 2026
Sublime Security
Attachment: Encrypted PDF with credential theft language in EML
3d ago
Jul 13th, 2026
Sublime Security
VIP impersonation: Fake thread with VIPs missing email metadata
3d ago
Jul 13th, 2026
Sublime Security
Link: Generic financial document with proceedural timeline template
6d ago
Jul 10th, 2026
Sublime Security
Impersonation: Employee name in subject with suspicious sender
6d ago
Jul 10th, 2026
Sublime Security
Brand impersonation: AARP
7d ago
Jul 9th, 2026
Sublime Security
Brand impersonation: OpenAI with payment issues
7d ago
Jul 9th, 2026
Sublime Security
Credential phishing: Blue button styled link with file-sharing template artifacts
8d ago
Jul 8th, 2026
Sublime Security
Reconnaissance: Fake real estate inquiry with empty body
8d ago
Jul 8th, 2026
Sublime Security