Attack Type: Credential Phishing

Credential phishing attacks are designed to steal your login information by tricking you into entering it on fake login pages. These emails impersonate trusted services like Microsoft 365, Google Workspace, or banking sites, using urgent phrases like “verify your account,” “prevent suspension,” or “view shared document” to push you into clicking.
Once you click the link, it leads to a fake login page that looks convincing. If you enter your credentials, the attacker captures them immediately. Common examples include phishing emails pretending to be DocuSign requests, Dropbox links, or HR file shares—things that feel routine but create a false sense of urgency.
Attackers often use real platforms like Microsoft Forms, Google Forms, or compromised websites to host these fake login pages, making the links appear legitimate and harder for security tools to catch. The damage doesn’t stop at just stealing your login. Once attackers gain access, they can move through your organization, steal sensitive data, send internal phishing emails, or even launch a ransomware attack.
Rule Name & Severity
Last Updated
Author
Types, Tactics & Capabilities
Brand impersonation: Punchbowl
14h ago
Jul 15th, 2026
Sublime Security
Brand impersonation: Squarespace
18h ago
Jul 15th, 2026
Sublime Security
Link: Free file host link with 'Important Viewing Note' lure
19h ago
Jul 15th, 2026
Sublime Security
Brand impersonation: Internal Revenue Service
2d ago
Jul 14th, 2026
Sublime Security
Brand impersonation: FedEx
2d ago
Jul 14th, 2026
Sublime Security
Link: Multistage landing - Abused Adobe Acrobat hosted PDF
2d ago
Jul 14th, 2026
Sublime Security
Credential phishing: Generic document share with unicode and proceedural greeting template
2d ago
Jul 14th, 2026
Sublime Security
Link: Self-sender with IP geolocation check and suspicious link behavior
2d ago
Jul 14th, 2026
Sublime Security
Open redirect: Diesel.az
2d ago
Jul 14th, 2026
Sublime Security
Link: Fraudulent state business filing notice
2d ago
Jul 14th, 2026
Sublime Security
Service abuse: Microsoft Forms Pro with suspicious links or QR codes
2d ago
Jul 14th, 2026
Sublime Security
Brand impersonation: Government / Tax Authority document lure
2d ago
Jul 14th, 2026
Sublime Security
Service abuse: Notion free-tier account impersonating VIP
2d ago
Jul 14th, 2026
Sublime Security
Malformed URL prefix
2d ago
Jul 14th, 2026
Sublime Security
Brand impersonation: GoDaddy
2d ago
Jul 14th, 2026
Sublime Security
Attachment: Encrypted PDF with credential theft language in EML
3d ago
Jul 13th, 2026
Sublime Security
Link: Generic financial document with proceedural timeline template
6d ago
Jul 10th, 2026
Sublime Security
Brand impersonation: Wix
6d ago
Jul 10th, 2026
Sublime Security
Brand impersonation: Amazon
6d ago
Jul 10th, 2026
Sublime Security
Brand impersonation: AARP
7d ago
Jul 9th, 2026
Sublime Security