Tactic or Technique: Free email provider

Attackers often use free email services like Gmail, Hotmail, and Yahoo to send phishing messages that are harder to detect. These platforms are widely trusted and have high deliverability, which makes it easier for malicious emails to land in your inbox.
It only takes a few minutes for an attacker to create a throwaway account. From there, they can spoof a display name to look like a coworker, vendor, or partner. Since free email addresses are often used in real conversations, the message may not seem out of place.
This tactic works because it blends in. A message might look clean, use a familiar name, and avoid anything that would trigger a filter. If you’re not paying close attention, it’s easy to miss the signs and respond without realizing the sender isn’t who they claim to be.
Blog Posts
Hiding a $50,000 BEC financial fraud in a fake email thread · Blog · Sublime Security
Hiding a $50,000 BEC financial fraud in a fake email thread · Blog · Sublime Security
Payroll Fraud via LLM-Generated Emails · Blog · Sublime Security
Payroll Fraud via LLM-Generated Emails · Blog · Sublime Security
Call Me Maybe? The Rise of Callback Phishing Emails · Blog · Sublime Security
Call Me Maybe? The Rise of Callback Phishing Emails · Blog · Sublime Security
Attack Types (5):
Spam
BEC/Fraud
Callback Phishing
Credential Phishing
Malware/Ransomware
Detection Methods (12):
Sender analysis
Header analysis
Content analysis
Natural Language Understanding
File analysis
HTML analysis
Exif analysis
Optical Character Recognition
URL analysis
Whois
Computer Vision
QR code analysis
Rule Name & Severity
Last Updated
Author
Types, Tactics & Capabilities
Service Abuse: Zoom with freemail reply-to and recipient address in greeting
6d ago
May 6th, 2026
Sublime Security
Spam
Free email provider
Social engineering
Sender analysis
Header analysis
Content analysis
BEC/Fraud: Student loan callback phishing
8d ago
May 4th, 2026
Sublime Security
BEC/Fraud
Free email provider
Out of band pivot
Social engineering
Content analysis
Natural Language Understanding
Sender analysis
Callback phishing: AOL senders with suspicious HTML template or PDF attachment
8d ago
May 4th, 2026
Sublime Security
Callback Phishing
Free email provider
Social engineering
Content analysis
Header analysis
File analysis
HTML analysis
Exif analysis
Sender analysis
Callback phishing via Google Group abuse
8d ago
May 4th, 2026
Sublime Security
Callback Phishing
Free email provider
Impersonation: Brand
Social engineering
File analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
Canva infrastructure abuse
8d ago
May 4th, 2026
Sublime Security
BEC/Fraud
Callback Phishing
Social engineering
Impersonation: Brand
Impersonation: Employee
Free email provider
Natural Language Understanding
Sender analysis
Content analysis
Impersonation: Suspected supplier impersonation with suspicious content
8d ago
May 4th, 2026
Sublime Security
BEC/Fraud
Evasion
Free email provider
Lookalike domain
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
URL analysis
Whois
Callback phishing via Intuit service abuse
8d ago
May 4th, 2026
Sublime Security
Callback Phishing
Evasion
Free email provider
Impersonation: Brand
Social engineering
Computer Vision
Content analysis
Header analysis
Optical Character Recognition
Employee impersonation: Payroll fraud
11d ago
May 1st, 2026
Sublime Security
BEC/Fraud
Impersonation: Employee
Free email provider
Social engineering
Content analysis
Sender analysis
BEC/Fraud: Scam lure with freemail pivot
12d ago
Apr 30th, 2026
Sublime Security
BEC/Fraud
Free email provider
Out of band pivot
Content analysis
Header analysis
Sender analysis
BEC/Fraud: Penpal scam
12d ago
Apr 30th, 2026
Sublime Security
BEC/Fraud
Free email provider
Social engineering
Content analysis
Header analysis
Sender analysis
Link: Google Calendar invite linking to an open redirect from an untrusted freemail sender
14d ago
Apr 28th, 2026
Sublime Security
Spam
Free email provider
Free file host
ICS Phishing
Open redirect
Social engineering
Content analysis
Sender analysis
URL analysis
Attachment: Calendar invite with suspicious link leading to an open redirect
14d ago
Apr 28th, 2026
Sublime Security
Spam
Free email provider
Free file host
Free subdomain host
ICS Phishing
Open redirect
Content analysis
URL analysis
COVID-19 themed fraud with sender and reply-to mismatch or compensation award
15d ago
Apr 27th, 2026
Sublime Security
BEC/Fraud
Free email provider
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
BEC/Fraud: Job scam fake thread or plaintext pivot to freemail
15d ago
Apr 27th, 2026
Sublime Security
BEC/Fraud
Free email provider
Out of band pivot
Content analysis
File analysis
Natural Language Understanding
Suspicious request for financial information
15d ago
Apr 27th, 2026
Sublime Security
BEC/Fraud
Free email provider
Impersonation: Employee
Impersonation: VIP
Social engineering
Content analysis
Header analysis
Sender analysis
Request for Quote or Purchase (RFQ|RFP) with suspicious sender or recipient pattern
15d ago
Apr 27th, 2026
Sublime Security
BEC/Fraud
Evasion
Free email provider
Content analysis
Natural Language Understanding
URL analysis
BEC/Fraud: Urgent language and suspicious sending/infrastructure patterns
25d ago
Apr 17th, 2026
Sublime Security
BEC/Fraud
Callback Phishing
Spam
Impersonation: Brand
Social engineering
Free email provider
Content analysis
Header analysis
Sender analysis
Whois
Brand impersonation: Zoom via lookalike domain
1mo ago
Apr 7th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Free email provider
Social engineering
URL analysis
Sender analysis
Link: Apple TestFlight from suspicious sender
1mo ago
Apr 1st, 2026
Sublime Security
Credential Phishing
Free email provider
Evasion
Sender analysis
URL analysis
Spam: Fake dating profile notification
1mo ago
Mar 20th, 2026
Sublime Security
Spam
Free email provider
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
URL analysis
Page 1 of 4