Tactic or Technique: Free email provider

Attackers often use free email services like Gmail, Hotmail, and Yahoo to send phishing messages that are harder to detect. These platforms are widely trusted and have high deliverability, which makes it easier for malicious emails to land in your inbox.
It only takes a few minutes for an attacker to create a throwaway account. From there, they can spoof a display name to look like a coworker, vendor, or partner. Since free email addresses are often used in real conversations, the message may not seem out of place.
This tactic works because it blends in. A message might look clean, use a familiar name, and avoid anything that would trigger a filter. If you’re not paying close attention, it’s easy to miss the signs and respond without realizing the sender isn’t who they claim to be.
Blog Posts
Hiding a $50,000 BEC financial fraud in a fake email thread · Blog · Sublime Security
Hiding a $50,000 BEC financial fraud in a fake email thread · Blog · Sublime Security
Payroll Fraud via LLM-Generated Emails · Blog · Sublime Security
Payroll Fraud via LLM-Generated Emails · Blog · Sublime Security
Call Me Maybe? The Rise of Callback Phishing Emails · Blog · Sublime Security
Call Me Maybe? The Rise of Callback Phishing Emails · Blog · Sublime Security
Attack Types (5):
Credential Phishing
BEC/Fraud
Callback Phishing
Spam
Malware/Ransomware
Detection Methods (12):
URL analysis
Sender analysis
Content analysis
HTML analysis
Header analysis
Natural Language Understanding
Whois
Exif analysis
File analysis
Optical Character Recognition
QR code analysis
Computer Vision
Rule Name & Severity
Last Updated
Author
Types, Tactics & Capabilities
Brand impersonation: Zoom via lookalike domain
11h ago
Jun 22nd, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Free email provider
Social engineering
URL analysis
Sender analysis
Employee impersonation: Payroll fraud
5d ago
Jun 18th, 2026
Sublime Security
BEC/Fraud
Impersonation: Employee
Free email provider
Social engineering
Content analysis
Sender analysis
Evasion: Hidden content divs from freemail sender
6d ago
Jun 17th, 2026
Sublime Security
Credential Phishing
Evasion
Free email provider
HTML analysis
Content analysis
Sender analysis
Reconnaissance: Short generic greeting message
6d ago
Jun 17th, 2026
Sublime Security
BEC/Fraud
Callback Phishing
Social engineering
Free email provider
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
Link: Observed URL pattern with specific domain registrar
11d ago
Jun 12th, 2026
Sublime Security
Spam
Free email provider
URL analysis
Sender analysis
Whois
Attachment: Canva PDF with susupicious author metadata
18d ago
Jun 5th, 2026
Sublime Security
BEC/Fraud
Credential Phishing
Free email provider
PDF
Exif analysis
File analysis
Spam: Default Microsoft Exchange Online sender domain (onmicrosoft.com)
18d ago
Jun 5th, 2026
Sublime Security
Callback Phishing
Credential Phishing
Spam
Free email provider
Impersonation: Brand
Social engineering
Content analysis
Sender analysis
BEC/Fraud: Job scam fake thread or plaintext pivot to freemail
18d ago
Jun 5th, 2026
Sublime Security
BEC/Fraud
Free email provider
Out of band pivot
Content analysis
File analysis
Natural Language Understanding
Attachment: Callback phishing solicitation via pdf file
18d ago
Jun 5th, 2026
Sublime Security
Callback Phishing
Evasion
Free email provider
Out of band pivot
PDF
Social engineering
Exif analysis
File analysis
Optical Character Recognition
Sender analysis
Constant Contact link infrastructure abuse
18d ago
Jun 5th, 2026
Sublime Security
Credential Phishing
Free email provider
Open redirect
Social engineering
Content analysis
Header analysis
QR code analysis
Sender analysis
BEC with unusual reply-to or return-path mismatch
18d ago
Jun 5th, 2026
Sublime Security
BEC/Fraud
Evasion
Free email provider
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
BEC/Fraud: Penpal scam
18d ago
Jun 5th, 2026
Sublime Security
BEC/Fraud
Free email provider
Social engineering
Content analysis
Header analysis
Sender analysis
ClickFunnels link infrastructure abuse
18d ago
Jun 5th, 2026
Sublime Security
Credential Phishing
Free email provider
Free subdomain host
Social engineering
Content analysis
Header analysis
QR code analysis
Sender analysis
URL analysis
Credential phishing: Engaging language and other indicators (untrusted sender)
18d ago
Jun 5th, 2026
Sublime Security
Credential Phishing
Free email provider
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
URL analysis
VIP Impersonation via Google Group relay with suspicious indicators
18d ago
Jun 5th, 2026
Sublime Security
BEC/Fraud
Credential Phishing
Malware/Ransomware
Evasion
Free email provider
Impersonation: Employee
Social engineering
Spoofing
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
Service abuse: Google Groups callback scam
19d ago
Jun 4th, 2026
Sublime Security
Callback Phishing
Free email provider
Social engineering
Natural Language Understanding
Sender analysis
Scam: Fake estate sale offering welding equipment and tools
1mo ago
May 12th, 2026
Sublime Security
BEC/Fraud
Social engineering
Free email provider
Out of band pivot
Content analysis
Sender analysis
Header analysis
Service Abuse: Zoom with freemail reply-to and recipient address in greeting
1mo ago
May 6th, 2026
Sublime Security
Spam
Free email provider
Social engineering
Sender analysis
Header analysis
Content analysis
BEC/Fraud: Student loan callback phishing
1mo ago
May 4th, 2026
Sublime Security
BEC/Fraud
Free email provider
Out of band pivot
Social engineering
Content analysis
Natural Language Understanding
Sender analysis
Impersonation: Suspected supplier impersonation with suspicious content
1mo ago
May 4th, 2026
Sublime Security
BEC/Fraud
Evasion
Free email provider
Lookalike domain
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
URL analysis
Whois
Page 1 of 4