• Free email provider

Tactic or Technique: Free email provider

Attackers often use free email services like Gmail, Hotmail, and Yahoo to send phishing messages that are harder to detect. These platforms are widely trusted and have high deliverability, which makes it easier for malicious emails to land in your inbox.
It only takes a few minutes for an attacker to create a throwaway account. From there, they can spoof a display name to look like a coworker, vendor, or partner. Since free email addresses are often used in real conversations, the message may not seem out of place.
This tactic works because it blends in. A message might look clean, use a familiar name, and avoid anything that would trigger a filter. If you’re not paying close attention, it’s easy to miss the signs and respond without realizing the sender isn’t who they claim to be.
Blog Posts
Hiding a $50,000 BEC financial fraud in a fake email thread
Hiding a $50,000 BEC financial fraud in a fake email thread
Payroll Fraud via LLM-Generated Emails
Payroll Fraud via LLM-Generated Emails
Call Me Maybe? The Rise of Callback Phishing Emails
Call Me Maybe? The Rise of Callback Phishing Emails
Attack Types (4):
Credential Phishing
Callback Phishing
Spam
BEC/Fraud
Detection Methods (12):
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
URL analysis
Exif analysis
File analysis
Optical Character Recognition
HTML analysis
Computer Vision
QR code analysis
Whois
Rule Name & Severity
Last Updated
Author
Types, Tactics & Capabilities
Credential phishing: Engaging language and other indicators (untrusted sender)
9h ago
Jun 18th, 2025 UTC
Sublime Security
Credential Phishing
Free email provider
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
URL analysis
/feeds/core/detection-rules/credential-phishing-engaging-language-and-other-indicators-untrusted-sender-c2bc8ca2
Attachment: Callback Phishing solicitation via pdf file
9h ago
Jun 18th, 2025 UTC
Sublime Security
Callback Phishing
Evasion
Free email provider
Out of band pivot
PDF
Social engineering
Exif analysis
File analysis
Optical Character Recognition
Sender analysis
/feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-pdf-file-ac33f097
Callback Phishing solicitation in message body
2d ago
Jun 16th, 2025 UTC
Sublime Security
Callback Phishing
Free email provider
Impersonation: Brand
Out of band pivot
Social engineering
File analysis
Sender analysis
/feeds/core/detection-rules/callback-phishing-solicitation-in-message-body-10a3a446
Suspicious mailer received from Gmail servers
6d ago
Jun 12th, 2025 UTC
Sublime Security
Callback Phishing
Spam
Free email provider
Social engineering
Header analysis
/feeds/core/detection-rules/suspicious-mailer-received-from-gmail-servers-f05f04ee
Scam: Piano Giveaway
7d ago
Jun 11th, 2025 UTC
Sublime Security
BEC/Fraud
Free email provider
Content analysis
Natural Language Understanding
Sender analysis
/feeds/core/detection-rules/scam-piano-giveaway-1a91a203
Callback Phishing: AOL Senders with Suspicious HTML Template or PDF Attachment
15d ago
Jun 3rd, 2025 UTC
Sublime Security
Callback Phishing
Free email provider
Social engineering
Content analysis
Header analysis
File analysis
HTML analysis
Exif analysis
Sender analysis
/feeds/core/detection-rules/callback-phishing-aol-senders-with-suspicious-html-template-or-pdf-attachment-f6044eed
Spam: Sexually Explicit Google Drive Share
20d ago
May 29th, 2025 UTC
Sublime Security
Spam
Social engineering
Free email provider
Content analysis
Sender analysis
/feeds/core/detection-rules/spam-sexually-explicit-google-drive-share-3f951c06
Spam: Sexually Explicit Google Group Invitation
20d ago
May 29th, 2025 UTC
Sublime Security
Spam
Free email provider
Social engineering
Content analysis
Sender analysis
/feeds/core/detection-rules/spam-sexually-explicit-google-group-invitation-4e0bec29
Spam: Sexually Explicit Looker Studio Report
20d ago
May 29th, 2025 UTC
Sublime Security
Spam
Social engineering
Free email provider
Content analysis
Sender analysis
/feeds/core/detection-rules/spam-sexually-explicit-looker-studio-report-f1e649cd
Free Email Provider Sender with Mismatched Provider Reply-To
26d ago
May 23rd, 2025 UTC
Sublime Security
BEC/Fraud
Credential Phishing
Free email provider
Social engineering
Header analysis
Sender analysis
/feeds/core/detection-rules/free-email-provider-sender-with-mismatched-provider-reply-to-fcd831d0
Callback phishing via Intuit service abuse
28d ago
May 21st, 2025 UTC
Sublime Security
Callback Phishing
Evasion
Free email provider
Impersonation: Brand
Social engineering
Computer Vision
Content analysis
Header analysis
Optical Character Recognition
/feeds/core/detection-rules/callback-phishing-via-intuit-service-abuse-f2fe1294
ClickFunnels link infrastructure abuse
1mo ago
May 16th, 2025 UTC
Sublime Security
Credential Phishing
Free email provider
Free subdomain host
Social engineering
Content analysis
Header analysis
QR code analysis
Sender analysis
URL analysis
/feeds/core/detection-rules/clickfunnels-link-infrastructure-abuse-9192fbe9
Request for Quote or Purchase (RFQ|RFP) with suspicious sender or recipient pattern
1mo ago
May 14th, 2025 UTC
Sublime Security
BEC/Fraud
Evasion
Free email provider
Content analysis
Natural Language Understanding
URL analysis
/feeds/core/detection-rules/request-for-quote-or-purchase-rfqorrfp-with-suspicious-sender-or-recipient-pattern-2ac0d329
Link: Multistage Landing - Abused Google Drive
1mo ago
May 5th, 2025 UTC
Sublime Security
Credential Phishing
Evasion
Free email provider
Free file host
Content analysis
Sender analysis
URL analysis
Whois
HTML analysis
/feeds/core/detection-rules/link-multistage-landing-abused-google-drive-c86288b4
Service Abuse: Google Drive Share From an Unsolicited Reply-To Address
2mo ago
Apr 11th, 2025 UTC
Sublime Security
BEC/Fraud
Callback Phishing
Credential Phishing
Free email provider
Social engineering
Free file host
Header analysis
Sender analysis
/feeds/core/detection-rules/service-abuse-google-drive-share-from-an-unsolicited-reply-to-address-4581ec0c
Suspicious SharePoint File Sharing
2mo ago
Apr 11th, 2025 UTC
Sublime Security
Credential Phishing
Free email provider
Free file host
OneNote
PDF
Content analysis
Header analysis
Sender analysis
URL analysis
/feeds/core/detection-rules/suspicious-sharepoint-file-sharing-971c3d9c
Canva Infrastructure Abuse
2mo ago
Apr 1st, 2025 UTC
Sublime Security
BEC/Fraud
Callback Phishing
Social engineering
Impersonation: Brand
Impersonation: Employee
Free email provider
Natural Language Understanding
Sender analysis
Content analysis
/feeds/core/detection-rules/canva-infrastructure-abuse-b69fdb5c
Impersonation: Chrome Web Store Policy
3mo ago
Mar 18th, 2025 UTC
Sublime Security
Credential Phishing
Impersonation: Brand
Free email provider
Lookalike domain
Content analysis
Header analysis
HTML analysis
Sender analysis
URL analysis
/feeds/core/detection-rules/impersonation-chrome-web-store-policy-4a98f283
Attachment: Callback Phishing solicitation via image file
3mo ago
Mar 12th, 2025 UTC
@vector_sec
Callback Phishing
Evasion
Free email provider
Out of band pivot
Social engineering
Image as content
Content analysis
Optical Character Recognition
Sender analysis
URL analysis
Computer Vision
/feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-image-file-60acbb36
BEC/Fraud: Urgent Language and Suspicious Sending/Infrastructure Patterns
3mo ago
Mar 10th, 2025 UTC
Sublime Security
BEC/Fraud
Callback Phishing
Spam
Impersonation: Brand
Social engineering
Free email provider
Content analysis
Header analysis
Sender analysis
Whois
/feeds/core/detection-rules/becfraud-urgent-language-and-suspicious-sendinginfrastructure-patterns-ba8a79e0