Tactic or Technique: Evasion

Evasion techniques help attackers sneak past email security filters by hiding or disguising malicious content. These tactics are designed to fool both traditional scanners and newer AI-based systems by changing how the message is structured or displayed.
You might see phishing content buried under blocks of harmless-looking text, or important details shown as images so they can't be scanned. Some messages break up keywords using hidden HTML or use misspelled words and lookalike characters to trick you into missing the signs.
More advanced versions use JavaScript that reveals the payload only after the message has passed through security checks. Others try to confuse AI systems with prompt injection or strange formatting.
These techniques create gaps in protection and give attackers a better chance of reaching your inbox. Spotting them early is key. The more familiar you are with how these tricks work, the easier it is to catch them before they do damage.
Rule Name & Severity
Last Updated
Author
Types, Tactics & Capabilities
Link: Self-sender with IP geolocation check and suspicious link behavior
2d ago
Jul 14th, 2026
Sublime Security
Credential phishing: Generic document share with unicode and proceedural greeting template
2d ago
Jul 14th, 2026
Sublime Security
Malformed URL prefix
2d ago
Jul 14th, 2026
Sublime Security
Attachment: Encrypted PDF with credential theft language in EML
3d ago
Jul 13th, 2026
Sublime Security
Link: Generic financial document with proceedural timeline template
6d ago
Jul 10th, 2026
Sublime Security
VIP impersonation: Fabricated thread history with fake VIP recipients
8d ago
Jul 8th, 2026
Sublime Security
VIP impersonation: Fake forwarded indicator with VIP recipient impersonation
9d ago
Jul 7th, 2026
Sublime Security
VIP impersonation: VIP recipient of previous thread with HTML generator
9d ago
Jul 7th, 2026
Sublime Security
Attachment: PDF Object Hash associated with a fake invoice and a W-9
14d ago
Jul 2nd, 2026
Sublime Security
Open redirect: JustPaste.it
14d ago
Jul 2nd, 2026
Sublime Security
Spam: Fake photo share
15d ago
Jul 1st, 2026
Sublime Security
Attachment: Suspicious PDF created with headless browser
15d ago
Jul 1st, 2026
Sublime Security
Link: Google Cloud Storage link with index.php in URL
16d ago
Jun 30th, 2026
Sublime Security
Link: Google Cloud Storage redirect to external domain
16d ago
Jun 30th, 2026
Sublime Security
Link: Google Cloud Storage with short-path link delivery
16d ago
Jun 30th, 2026
Sublime Security
HTML: Template placeholders or recipient email in element class attributes
16d ago
Jun 30th, 2026
Sublime Security
Link: Google Cloud Storage link with redirect.html in URL
16d ago
Jun 30th, 2026
Sublime Security
Link: Google Cloud Storage hosted credential harvesting page
16d ago
Jun 30th, 2026
Sublime Security
Attachment: PDF with localhost IP in EXIF title metadata
17d ago
Jun 29th, 2026
Sublime Security
Credential theft: JavaScript date manipulation in HTML body
17d ago
Jun 29th, 2026
Sublime Security