Tactic or Technique: Impersonation: Brand

Brand impersonation is a phishing technique where attackers copy the look and feel of trusted companies to make their emails seem legitimate. They recreate logos, colors, templates, and writing styles to mimic well-known brands like Microsoft, Amazon, or PayPal and convince you to trust the message.
They often use lookalike domains to make the links seem real. That could be a small typo, a character swap, or a URL like secure-microsoft[.]com that looks legitimate at first glance. These tricks are meant to get past your defenses and make you more likely to click or respond.
The goal is usually to steal your credentials or convince you to take some kind of action. But over time, these attacks also make it harder to trust what you see in your inbox. Spotting them means looking closely—at the sender address, the way the message is written, and where the links actually go. The differences are subtle, but once you know what to look for, they stand out.
Blog Posts
Tax season email attacks: AdWind RATs and Tycoon 2FA phishing kits · Blog · Sublime Security
Tax season email attacks: AdWind RATs and Tycoon 2FA phishing kits · Blog · Sublime Security
Credential phishing Charles Schwab account holders with 2FA bypass · Blog · Sublime Security
Credential phishing Charles Schwab account holders with 2FA bypass · Blog · Sublime Security
Callback phishing via invoice abuse and distribution list relays · Blog · Sublime Security
Callback phishing via invoice abuse and distribution list relays · Blog · Sublime Security
Talking phish over turkey · Blog · Sublime Security
Talking phish over turkey · Blog · Sublime Security
Living Off the Land: Callback Phishing via Docusign comment · Blog · Sublime Security
Living Off the Land: Callback Phishing via Docusign comment · Blog · Sublime Security
Abusing Discord to deliver Agent Tesla malware · Blog · Sublime Security
Abusing Discord to deliver Agent Tesla malware · Blog · Sublime Security
QR Code Phishing: Decoding Hidden Threats · Blog · Sublime Security
QR Code Phishing: Decoding Hidden Threats · Blog · Sublime Security
Call Me Maybe? The Rise of Callback Phishing Emails · Blog · Sublime Security
Call Me Maybe? The Rise of Callback Phishing Emails · Blog · Sublime Security
Detecting Credential Phishing using Deep Learning + MQL · Blog · Sublime Security
Detecting Credential Phishing using Deep Learning + MQL · Blog · Sublime Security
Attack Types (6):
Credential Phishing
Malware/Ransomware
BEC/Fraud
Callback Phishing
Spam
Extortion
Detection Methods (16):
Header analysis
Sender analysis
Content analysis
URL analysis
Computer Vision
Natural Language Understanding
HTML analysis
Optical Character Recognition
File analysis
Whois
URL screenshot
QR code analysis
Archive analysis
Javascript analysis
Exif analysis
Threat intelligence
Rule Name & Severity
Last Updated
Author
Types, Tactics & Capabilities
Service abuse: SendGrid impersonation via Sendgrid from new sender
14d ago
Dec 19th, 2025
Sublime Security
Credential Phishing
Impersonation: Brand
Social engineering
Header analysis
Sender analysis
/feeds/core/detection-rules/service-abuse-sendgrid-impersonation-via-sendgrid-from-new-sender-aa5d18ca
Brand Impersonation: ShareFile
14d ago
Dec 19th, 2025
Sublime Security
Credential Phishing
Impersonation: Brand
Evasion
Lookalike domain
Header analysis
Content analysis
Sender analysis
/feeds/core/detection-rules/brand-impersonation-sharefile-f8330307
Brand impersonation: Google Drive fake file share
14d ago
Dec 19th, 2025
Sublime Security
Credential Phishing
Malware/Ransomware
Impersonation: Brand
Social engineering
Content analysis
Header analysis
URL analysis
Computer Vision
/feeds/core/detection-rules/brand-impersonation-google-drive-fake-file-share-b424a941
Xero invoice abuse
16d ago
Dec 17th, 2025
Sublime Security
BEC/Fraud
Credential Phishing
Impersonation: Brand
Impersonation: Employee
Social engineering
Natural Language Understanding
Content analysis
Sender analysis
/feeds/core/detection-rules/xero-invoice-abuse-6538c600
Brand impersonation: State Farm
16d ago
Dec 17th, 2025
Sublime Security
Credential Phishing
Impersonation: Brand
Social engineering
Spoofing
Header analysis
Sender analysis
/feeds/core/detection-rules/brand-impersonation-state-farm-bcf7eba0
Callback phishing via Microsoft comment
17d ago
Dec 16th, 2025
Sublime Security
Callback Phishing
Impersonation: Brand
Out of band pivot
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
/feeds/core/detection-rules/callback-phishing-via-microsoft-comment-8346c7b9
Brand impersonation: Microsoft Teams invitation
18d ago
Dec 15th, 2025
Sublime Security
Credential Phishing
Impersonation: Brand
Social engineering
Content analysis
Header analysis
HTML analysis
URL analysis
/feeds/core/detection-rules/brand-impersonation-microsoft-teams-invitation-46410ad8
Deceptive Dropbox mention
18d ago
Dec 15th, 2025
Sublime Security
Credential Phishing
Impersonation: Brand
Free file host
Free subdomain host
Social engineering
Header analysis
Content analysis
Natural Language Understanding
Sender analysis
URL analysis
/feeds/core/detection-rules/deceptive-dropbox-mention-58a107bc
Cyrillic vowel substitutions with suspicious subject from unknown sender
21d ago
Dec 12th, 2025
Sublime Security
Credential Phishing
Evasion
Impersonation: Brand
Social engineering
Content analysis
Sender analysis
/feeds/core/detection-rules/cyrillic-vowel-substitutions-with-suspicious-subject-from-unknown-sender-10251c3c
Credential phishing: Suspicious subject with urgent financial request and link
21d ago
Dec 12th, 2025
Sublime Security
Credential Phishing
Impersonation: Brand
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
/feeds/core/detection-rules/credential-phishing-suspicious-subject-with-urgent-financial-request-and-link-056464f4
Brand impersonation: Wise
21d ago
Dec 12th, 2025
Sublime Security
Credential Phishing
Impersonation: Brand
Social engineering
Content analysis
Natural Language Understanding
Sender analysis
/feeds/core/detection-rules/brand-impersonation-wise-01480f95
Attachment: Adobe image lure in body or attachment with suspicious link
21d ago
Dec 12th, 2025
Sublime Security
Credential Phishing
Image as content
Impersonation: Brand
Content analysis
Computer Vision
Optical Character Recognition
Sender analysis
URL analysis
/feeds/core/detection-rules/attachment-adobe-image-lure-in-body-or-attachment-with-suspicious-link-1d7add81
Service abuse: Callback phishing via Microsoft Teams invite
21d ago
Dec 12th, 2025
Sublime Security
Callback Phishing
Impersonation: Brand
Out of band pivot
Social engineering
Content analysis
URL analysis
Sender analysis
/feeds/core/detection-rules/service-abuse-callback-phishing-via-microsoft-teams-invite-13e35e5f
Brand impersonation: LinkedIn
22d ago
Dec 11th, 2025
Sublime Security
Credential Phishing
Impersonation: Brand
Lookalike domain
Social engineering
Header analysis
Sender analysis
/feeds/core/detection-rules/brand-impersonation-linkedin-1a0cde6d
Brand impersonation: Adobe Sign with suspicious indicators
22d ago
Dec 11th, 2025
Sublime Security
Credential Phishing
Impersonation: Brand
Social engineering
Content analysis
Header analysis
HTML analysis
Sender analysis
/feeds/core/detection-rules/brand-impersonation-adobe-sign-with-suspicious-indicators-704d143a
Brand impersonation: Dropbox
23d ago
Dec 10th, 2025
Sublime Security
Credential Phishing
Impersonation: Brand
Social engineering
Content analysis
File analysis
Header analysis
Sender analysis
/feeds/core/detection-rules/brand-impersonation-dropbox-61f11d12
Brand impersonation: Sharepoint fake file share
23d ago
Dec 10th, 2025
Sublime Security
Credential Phishing
Malware/Ransomware
Impersonation: Brand
Social engineering
Content analysis
Header analysis
URL analysis
Computer Vision
/feeds/core/detection-rules/brand-impersonation-sharepoint-fake-file-share-ff8b296b
Brand impersonation: Microsoft with low reputation links
23d ago
Dec 10th, 2025
Sublime Security
Credential Phishing
Free file host
Image as content
Impersonation: Brand
Social engineering
Computer Vision
Content analysis
File analysis
Header analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
URL analysis
/feeds/core/detection-rules/brand-impersonation-microsoft-with-low-reputation-links-b59201b6
Brand impersonation: Microsoft logo in HTML with fake quarantine release notification
23d ago
Dec 10th, 2025
Sublime Security
Credential Phishing
Evasion
Impersonation: Brand
Social engineering
Content analysis
HTML analysis
Sender analysis
/feeds/core/detection-rules/brand-impersonation-microsoft-logo-in-html-with-fake-quarantine-release-notification-f12c615c
Open redirect (go2.aspx) leading to Microsoft credential phishing
23d ago
Dec 10th, 2025
Sublime Security
Credential Phishing
Impersonation: Brand
Open redirect
Content analysis
Header analysis
URL analysis
/feeds/core/detection-rules/open-redirect-go2aspx-leading-to-microsoft-credential-phishing-51667096
Page 1 of 13