Tactic or Technique: Evasion

Evasion techniques help attackers sneak past email security filters by hiding or disguising malicious content. These tactics are designed to fool both traditional scanners and newer AI-based systems by changing how the message is structured or displayed.
You might see phishing content buried under blocks of harmless-looking text, or important details shown as images so they can't be scanned. Some messages break up keywords using hidden HTML or use misspelled words and lookalike characters to trick you into missing the signs.
More advanced versions use JavaScript that reveals the payload only after the message has passed through security checks. Others try to confuse AI systems with prompt injection or strange formatting.
These techniques create gaps in protection and give attackers a better chance of reaching your inbox. Spotting them early is key. The more familiar you are with how these tricks work, the easier it is to catch them before they do damage.
| Rule Name & Severity | Last Updated | Author | Types, Tactics & Capabilities | Rule path |
| --- | --- | --- | --- | --- |
| Attachment: Callback Phishing solicitation via pdf file | Jun 18th, 2025 UTC (3h ago) | Sublime Security | | /feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-pdf-file-ac33f097 |
| Attachment: Macro Files Containing MHT Content | Jun 12th, 2025 UTC (6d ago) | Sublime Security | | /feeds/core/detection-rules/attachment-macro-files-containing-mht-content-4d54e40b |
| EML attachment with credential theft language (unknown sender) | Jun 12th, 2025 UTC (6d ago) | Sublime Security | | /feeds/core/detection-rules/eml-attachment-with-credential-theft-language-unknown-sender-00e06af1 |
| Suspicious message with unscannable Vercel link | Jun 10th, 2025 UTC (8d ago) | Sublime Security | | /feeds/core/detection-rules/suspicious-message-with-unscannable-vercel-link-b5acffe7 |
| Link: Secure SharePoint file share from new or unusual sender | Jun 10th, 2025 UTC (8d ago) | Sublime Security | | /feeds/core/detection-rules/link-secure-sharepoint-file-share-from-new-or-unusual-sender-74ed3020 |
| Attachment: Suspicious PDF Created With Headless Browser | Jun 9th, 2025 UTC (9d ago) | Sublime Security | | /feeds/core/detection-rules/attachment-suspicious-pdf-created-with-headless-browser-8f3108d7 |
| Attachment: Legal Themed Message with PDF Containing Suspicious Link | Jun 6th, 2025 UTC (12d ago) | Sublime Security | | /feeds/core/detection-rules/attachment-legal-themed-message-with-pdf-containing-suspicious-link-19133301 |
| Vendor Compromise: GovDelivery Message With Suspicious Link | Jun 4th, 2025 UTC (14d ago) | Sublime Security | | /feeds/core/detection-rules/vendor-compromise-govdelivery-message-with-suspicious-link-0d2d5172 |
| Encrypted Microsoft Office Files From Untrusted Senders | Jun 4th, 2025 UTC (14d ago) | Sublime Security | | /feeds/core/detection-rules/encrypted-microsoft-office-files-from-untrusted-senders-eb7b26e7 |
| Malformed URL prefix | Jun 3rd, 2025 UTC (15d ago) | Sublime Security | | /feeds/core/detection-rules/malformed-url-prefix-4e659d28 |
| Attachment: HTML smuggling with atob and high entropy via calendar invite | Jun 3rd, 2025 UTC (15d ago) | Sublime Security | | /feeds/core/detection-rules/attachment-html-smuggling-with-atob-and-high-entropy-via-calendar-invite-94d84614 |
| Attachment: HTML smuggling with eval and atob via calendar invite | Jun 3rd, 2025 UTC (15d ago) | Sublime Security | | /feeds/core/detection-rules/attachment-html-smuggling-with-eval-and-atob-via-calendar-invite-597c2edd |
| Attachment: EML with Suspicious Indicators | Jun 2nd, 2025 UTC (16d ago) | Sublime Security | | /feeds/core/detection-rules/attachment-eml-with-suspicious-indicators-deb5d08d |
| Suspicious attachment with unscannable Cloudflare link | Jun 2nd, 2025 UTC (16d ago) | Sublime Security | | /feeds/core/detection-rules/suspicious-attachment-with-unscannable-cloudflare-link-00f92b6f |
| Attachment: Fake attachment image lure | May 30th, 2025 UTC (19d ago) | Sublime Security | | /feeds/core/detection-rules/attachment-fake-attachment-image-lure-96b8b285 |
| Open redirect: typedrawers.com | May 23rd, 2025 UTC (26d ago) | Sublime Security | | /feeds/core/detection-rules/open-redirect-typedrawerscom-158d9e95 |
| Open Redirect: Xfinity CMP Redirection to Google AMP | May 23rd, 2025 UTC (26d ago) | Sublime Security | | /feeds/core/detection-rules/open-redirect-xfinity-cmp-redirection-to-google-amp-c0805b80 |
| Open redirect: next2.io | May 23rd, 2025 UTC (26d ago) | Sublime Security | | /feeds/core/detection-rules/open-redirect-next2io-5085c422 |
| Open redirect: slubnaglowie.pl | May 23rd, 2025 UTC (26d ago) | Sublime Security | | /feeds/core/detection-rules/open-redirect-slubnaglowiepl-2ec356d0 |
| Service Abuse: Zoom Docs From an Unsolicited Sender Address | May 23rd, 2025 UTC (26d ago) | Sublime Security | | /feeds/core/detection-rules/service-abuse-zoom-docs-from-an-unsolicited-sender-address-064b2594 |