Tactic or Technique: Free email provider

Attackers often use free email services like Gmail, Hotmail, and Yahoo to send phishing messages that are harder to detect. These platforms are widely trusted and have high deliverability, which makes it easier for malicious emails to land in your inbox.
It only takes a few minutes for an attacker to create a throwaway account. From there, they can spoof a display name to look like a coworker, vendor, or partner. Since free email addresses are often used in real conversations, the message may not seem out of place.
This tactic works because it blends in. A message might look clean, use a familiar name, and avoid anything that would trigger a filter. If you’re not paying close attention, it’s easy to miss the signs and respond without realizing the sender isn’t who they claim to be.
Rule Name & Severity
Last Updated
Author
Types, Tactics & Capabilities
Impersonation: Employee name in subject with suspicious sender
6d ago
Jul 10th, 2026
Sublime Security
Attachment: Romance scam with image lure and advance-fee or suspicious link indicators
15d ago
Jul 1st, 2026
Sublime Security
Request for Quote or Purchase (RFQ|RFP) with suspicious sender or recipient pattern
20d ago
Jun 26th, 2026
Sublime Security
Suspicious request for financial information
21d ago
Jun 25th, 2026
Sublime Security
Brand impersonation: Zoom via lookalike domain
24d ago
Jun 22nd, 2026
Sublime Security
Employee impersonation: Payroll fraud
28d ago
Jun 18th, 2026
Sublime Security
Evasion: Hidden content divs from freemail sender
29d ago
Jun 17th, 2026
Sublime Security
Reconnaissance: Short generic greeting message
29d ago
Jun 17th, 2026
Sublime Security
Link: Observed URL pattern with specific domain registrar
1mo ago
Jun 12th, 2026
Sublime Security
Attachment: Canva PDF with susupicious author metadata
1mo ago
Jun 5th, 2026
Sublime Security
Spam: Default Microsoft Exchange Online sender domain (onmicrosoft.com)
1mo ago
Jun 5th, 2026
Sublime Security
VIP Impersonation via Google Group relay with suspicious indicators
1mo ago
Jun 5th, 2026
Sublime Security
BEC/Fraud: Job scam fake thread or plaintext pivot to freemail
1mo ago
Jun 5th, 2026
Sublime Security
Attachment: Callback phishing solicitation via pdf file
1mo ago
Jun 5th, 2026
Sublime Security
Constant Contact link infrastructure abuse
1mo ago
Jun 5th, 2026
Sublime Security
BEC with unusual reply-to or return-path mismatch
1mo ago
Jun 5th, 2026
Sublime Security
Credential phishing: Engaging language and other indicators (untrusted sender)
1mo ago
Jun 5th, 2026
Sublime Security
BEC/Fraud: Penpal scam
1mo ago
Jun 5th, 2026
Sublime Security
ClickFunnels link infrastructure abuse
1mo ago
Jun 5th, 2026
Sublime Security
Service abuse: Google Groups callback scam
1mo ago
Jun 4th, 2026
Sublime Security