Sublime Security

Sublime Core Feed
Image as content
Learn More
Login to Sublime
Attack Types
BEC/Fraud
Callback Phishing
Credential Phishing
Extortion
Malware/Ransomware
Reconnaissance
Spam
Tactics and Techniques
Encryption
Evasion
Exploit
Free email provider
Free file host
Free subdomain host
HTML smuggling
ICS Phishing
Image as content
Impersonation: Brand
Impersonation: Employee
Impersonation: VIP
IPFS
ISO
LNK
Lookalike domain
Macros
OneNote
Open redirect
Out of band pivot
PDF
Punycode
QR code
Scripting
Social engineering
Spoofing
Detection Methods
Archive analysis
Content analysis
Computer Vision
Exif analysis
File analysis
Header analysis
HTML analysis
Javascript analysis
Macro analysis
Natural Language Understanding
Optical Character Recognition
OLE analysis
PDF analysis
QR code analysis
Sender analysis
Threat intelligence
URL analysis
URL screenshot
Whois
XML analysis
YARA
Tactic or Technique: Image as content
Phishing attacks sometimes use images instead of text to hide their intent and evade detection. This technique, often called “image as content,” involves embedding fake login prompts, alerts, or messages inside graphics that look legitimate but can’t be scanned by traditional text-based filters.
These images often appear polished and professional, using logos and layouts that mimic real companies. In many cases, the image itself is clickable and leads you to a phishing site. With little or no surrounding text, the message is more likely to slip through security scans and still look convincing.
This tactic works because visuals feel trustworthy. A branded banner or alert can seem more legitimate than a plain-text email. That’s why defending against it is harder. Traditional filters struggle to analyze image content, so stopping these attacks often requires a combination of advanced image scanning and the ability to recognize visual red flags—not just suspicious text.
Blog Posts
QR Code Phishing: Decoding Hidden Threats · Blog · Sublime Security
Call Me Maybe? The Rise of Callback Phishing Emails · Blog · Sublime Security
Attack Types (4):
Credential Phishing
Malware/Ransomware
Spam
Callback Phishing
Detection Methods (14):
Sender analysis
HTML analysis
URL screenshot
Optical Character Recognition
URL analysis
Content analysis
File analysis
XML analysis
Computer Vision
Natural Language Understanding
Header analysis
QR code analysis
Archive analysis
Exif analysis
Rule Name & Severity
Last Updated
Types, Tactics & Capabilities
Brand impersonation: Figma with malicious document access overlay
3d ago
May 27th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Social engineering
Image as content
Sender analysis
HTML analysis
URL screenshot
Optical Character Recognition
URL analysis
Credential Phishing
Impersonation: Brand
Social engineering
Image as content
Sender analysis
HTML analysis
URL screenshot
Optical Character Recognition
URL analysis
Image as content with a link to an open redirect
4d ago
May 26th, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
Evasion
Image as content
Open redirect
Social engineering
Content analysis
HTML analysis
URL analysis
Credential Phishing
Malware/Ransomware
Evasion
Image as content
Open redirect
Social engineering
Content analysis
HTML analysis
URL analysis
Attachment: SVG file with hyperlinks and cursor styling
10d ago
May 20th, 2026
Sublime Security
Credential Phishing
Evasion
Image as content
File analysis
XML analysis
Content analysis
Credential Phishing
Evasion
Image as content
File analysis
XML analysis
Content analysis
Brand impersonation: USPS
12d ago
May 18th, 2026
Sublime Security
Credential Phishing
Image as content
Impersonation: Brand
Social engineering
Computer Vision
Content analysis
Natural Language Understanding
Sender analysis
Credential Phishing
Image as content
Impersonation: Brand
Social engineering
Computer Vision
Content analysis
Natural Language Understanding
Sender analysis
Attachment: Microsoft impersonation via PDF with link and suspicious language
16d ago
May 14th, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
Image as content
Impersonation: Brand
PDF
Scripting
Social engineering
Computer Vision
File analysis
Header analysis
Natural Language Understanding
Sender analysis
Credential Phishing
Malware/Ransomware
Image as content
Impersonation: Brand
PDF
Scripting
Social engineering
Computer Vision
File analysis
Header analysis
Natural Language Understanding
Sender analysis
Cloud storage impersonation with credential theft indicators
18d ago
May 12th, 2026
Sublime Security
Credential Phishing
Free file host
Image as content
Impersonation: Brand
Social engineering
Computer Vision
Content analysis
Header analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
URL analysis
Credential Phishing
Free file host
Image as content
Impersonation: Brand
Social engineering
Computer Vision
Content analysis
Header analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
URL analysis
Attachment: SVG files with evasion elements
22d ago
May 8th, 2026
Sublime Security
Malware/Ransomware
Credential Phishing
QR code
Image as content
Evasion
File analysis
XML analysis
QR code analysis
Sender analysis
Malware/Ransomware
Credential Phishing
QR code
Image as content
Evasion
File analysis
XML analysis
QR code analysis
Sender analysis
Brand impersonation: DocuSign with embedded QR code
26d ago
May 4th, 2026
Sublime Security
Credential Phishing
Evasion
Image as content
Impersonation: Brand
QR code
Computer Vision
Content analysis
QR code analysis
Sender analysis
Credential Phishing
Evasion
Image as content
Impersonation: Brand
QR code
Computer Vision
Content analysis
QR code analysis
Sender analysis
Attachment: QR code with userinfo portion
1mo ago
Apr 30th, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
Evasion
Image as content
PDF
QR code
QR code analysis
File analysis
Sender analysis
Credential Phishing
Malware/Ransomware
Evasion
Image as content
PDF
QR code
QR code analysis
File analysis
Sender analysis
Brand impersonation: Fake Fax
1mo ago
Apr 30th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Image as content
Free file host
Free subdomain host
Social engineering
Computer Vision
Content analysis
Optical Character Recognition
Sender analysis
URL analysis
Credential Phishing
Impersonation: Brand
Image as content
Free file host
Free subdomain host
Social engineering
Computer Vision
Content analysis
Optical Character Recognition
Sender analysis
URL analysis
Attachment: QR code link with base64-encoded recipient address
1mo ago
Apr 29th, 2026
Sublime Security
Credential Phishing
QR code
Image as content
Social engineering
Evasion
PDF
Macros
Computer Vision
File analysis
Natural Language Understanding
QR code analysis
Sender analysis
Credential Phishing
QR code
Image as content
Social engineering
Evasion
PDF
Macros
Computer Vision
File analysis
Natural Language Understanding
QR code analysis
Sender analysis
Attachment: Cold outreach with invitation subject and not attachment
1mo ago
Apr 3rd, 2026
Sublime Security
Spam
Social engineering
Image as content
Content analysis
Natural Language Understanding
File analysis
Spam
Social engineering
Image as content
Content analysis
Natural Language Understanding
File analysis
Link: PDF display text with fake copyright claim template
2mo ago
Mar 18th, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
Evasion
Image as content
PDF
Content analysis
HTML analysis
Credential Phishing
Malware/Ransomware
Evasion
Image as content
PDF
Content analysis
HTML analysis
Impersonation: Recipient organization in sender display name with credential theft image
3mo ago
Feb 17th, 2026
Sublime Security
Credential Phishing
Image as content
Impersonation: Brand
Social engineering
Computer Vision
Content analysis
File analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
Credential Phishing
Image as content
Impersonation: Brand
Social engineering
Computer Vision
Content analysis
File analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
Brand impersonation: Microsoft Planner with suspicious link
3mo ago
Feb 6th, 2026
Sublime Security
Credential Phishing
Evasion
Image as content
Impersonation: Brand
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
URL analysis
Credential Phishing
Evasion
Image as content
Impersonation: Brand
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
URL analysis
Attachment: QR code with encoded recipient targeting and redirect indicators
4mo ago
Jan 30th, 2026
Sublime Security
Credential Phishing
QR code
Evasion
Image as content
Open redirect
Archive analysis
File analysis
QR code analysis
URL analysis
Credential Phishing
QR code
Evasion
Image as content
Open redirect
Archive analysis
File analysis
QR code analysis
URL analysis
Brand impersonation: Microsoft with low reputation links
4mo ago
Jan 12th, 2026
Sublime Security
Credential Phishing
Free file host
Image as content
Impersonation: Brand
Social engineering
Computer Vision
Content analysis
File analysis
Header analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
URL analysis
Credential Phishing
Free file host
Image as content
Impersonation: Brand
Social engineering
Computer Vision
Content analysis
File analysis
Header analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
URL analysis
Attachment: Fake secure message and suspicious indicators
4mo ago
Jan 12th, 2026
Sublime Security
Credential Phishing
Image as content
Impersonation: Brand
Social engineering
Content analysis
File analysis
Header analysis
Natural Language Understanding
Sender analysis
Credential Phishing
Image as content
Impersonation: Brand
Social engineering
Content analysis
File analysis
Header analysis
Natural Language Understanding
Sender analysis
Attachment: Callback phishing solicitation via image file
4mo ago
Jan 12th, 2026
@vector_sec
Callback Phishing
Evasion
Free email provider
Out of band pivot
Social engineering
Image as content
Content analysis
Optical Character Recognition
Sender analysis
URL analysis
Computer Vision
Callback Phishing
Evasion
Free email provider
Out of band pivot
Social engineering
Image as content
Content analysis
Optical Character Recognition
Sender analysis
URL analysis
Computer Vision
Credential phishing: Image as content, short or no body contents
4mo ago
Jan 12th, 2026
Sublime Security
Credential Phishing
Evasion
Image as content
Computer Vision
Content analysis
File analysis
Header analysis
Natural Language Understanding
Optical Character Recognition
Credential Phishing
Evasion
Image as content
Computer Vision
Content analysis
File analysis
Header analysis
Natural Language Understanding
Optical Character Recognition
Page 1 of 2

Rule Name & Severity	Last Updated	Author	Types, Tactics & Capabilities
Brand impersonation: Figma with malicious document access overlay	3d ago May 27th, 2026	Sublime Security	Credential Phishing Impersonation: Brand Social engineering Image as content Sender analysis HTML analysis URL screenshot Optical Character Recognition URL analysis
Image as content with a link to an open redirect	4d ago May 26th, 2026	Sublime Security	Credential Phishing Malware/Ransomware Evasion Image as content Open redirect Social engineering Content analysis HTML analysis URL analysis
Attachment: SVG file with hyperlinks and cursor styling	10d ago May 20th, 2026	Sublime Security	Credential Phishing Evasion Image as content File analysis XML analysis Content analysis
Brand impersonation: USPS	12d ago May 18th, 2026	Sublime Security	Credential Phishing Image as content Impersonation: Brand Social engineering Computer Vision Content analysis Natural Language Understanding Sender analysis
Attachment: Microsoft impersonation via PDF with link and suspicious language	16d ago May 14th, 2026	Sublime Security	Credential Phishing Malware/Ransomware Image as content Impersonation: Brand PDF Scripting Social engineering Computer Vision File analysis Header analysis Natural Language Understanding Sender analysis
Cloud storage impersonation with credential theft indicators	18d ago May 12th, 2026	Sublime Security	Credential Phishing Free file host Image as content Impersonation: Brand Social engineering Computer Vision Content analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis URL analysis
Attachment: SVG files with evasion elements	22d ago May 8th, 2026	Sublime Security	Malware/Ransomware Credential Phishing QR code Image as content Evasion File analysis XML analysis QR code analysis Sender analysis
Brand impersonation: DocuSign with embedded QR code	26d ago May 4th, 2026	Sublime Security	Credential Phishing Evasion Image as content Impersonation: Brand QR code Computer Vision Content analysis QR code analysis Sender analysis
Attachment: QR code with userinfo portion	1mo ago Apr 30th, 2026	Sublime Security	Credential Phishing Malware/Ransomware Evasion Image as content PDF QR code QR code analysis File analysis Sender analysis
Brand impersonation: Fake Fax	1mo ago Apr 30th, 2026	Sublime Security	Credential Phishing Impersonation: Brand Image as content Free file host Free subdomain host Social engineering Computer Vision Content analysis Optical Character Recognition Sender analysis URL analysis
Attachment: QR code link with base64-encoded recipient address	1mo ago Apr 29th, 2026	Sublime Security	Credential Phishing QR code Image as content Social engineering Evasion PDF Macros Computer Vision File analysis Natural Language Understanding QR code analysis Sender analysis
Attachment: Cold outreach with invitation subject and not attachment	1mo ago Apr 3rd, 2026	Sublime Security	Spam Social engineering Image as content Content analysis Natural Language Understanding File analysis
Link: PDF display text with fake copyright claim template	2mo ago Mar 18th, 2026	Sublime Security	Credential Phishing Malware/Ransomware Evasion Image as content PDF Content analysis HTML analysis
Impersonation: Recipient organization in sender display name with credential theft image	3mo ago Feb 17th, 2026	Sublime Security	Credential Phishing Image as content Impersonation: Brand Social engineering Computer Vision Content analysis File analysis Natural Language Understanding Optical Character Recognition Sender analysis
Brand impersonation: Microsoft Planner with suspicious link	3mo ago Feb 6th, 2026	Sublime Security	Credential Phishing Evasion Image as content Impersonation: Brand Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis URL analysis
Attachment: QR code with encoded recipient targeting and redirect indicators	4mo ago Jan 30th, 2026	Sublime Security	Credential Phishing QR code Evasion Image as content Open redirect Archive analysis File analysis QR code analysis URL analysis
Brand impersonation: Microsoft with low reputation links	4mo ago Jan 12th, 2026	Sublime Security	Credential Phishing Free file host Image as content Impersonation: Brand Social engineering Computer Vision Content analysis File analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis URL analysis
Attachment: Fake secure message and suspicious indicators	4mo ago Jan 12th, 2026	Sublime Security	Credential Phishing Image as content Impersonation: Brand Social engineering Content analysis File analysis Header analysis Natural Language Understanding Sender analysis
Attachment: Callback phishing solicitation via image file	4mo ago Jan 12th, 2026	@vector_sec	Callback Phishing Evasion Free email provider Out of band pivot Social engineering Image as content Content analysis Optical Character Recognition Sender analysis URL analysis Computer Vision
Credential phishing: Image as content, short or no body contents	4mo ago Jan 12th, 2026	Sublime Security	Credential Phishing Evasion Image as content Computer Vision Content analysis File analysis Header analysis Natural Language Understanding Optical Character Recognition