Tactic or Technique: Impersonation: Brand

Brand impersonation is a phishing technique where attackers copy the look and feel of trusted companies to make their emails seem legitimate. They recreate logos, colors, templates, and writing styles to mimic well-known brands like Microsoft, Amazon, or PayPal and convince you to trust the message.
They often use lookalike domains to make the links seem real. That could be a small typo, a character swap, or a URL like secure-microsoft[.]com that looks legitimate at first glance. These tricks are meant to get past your defenses and make you more likely to click or respond.
The goal is usually to steal your credentials or convince you to take some kind of action. But over time, these attacks also make it harder to trust what you see in your inbox. Spotting them means looking closely—at the sender address, the way the message is written, and where the links actually go. The differences are subtle, but once you know what to look for, they stand out.
Blog Posts
Tax season email attacks: AdWind RATs and Tycoon 2FA phishing kits · Blog · Sublime Security
Tax season email attacks: AdWind RATs and Tycoon 2FA phishing kits · Blog · Sublime Security
Credential phishing Charles Schwab account holders with 2FA bypass · Blog · Sublime Security
Credential phishing Charles Schwab account holders with 2FA bypass · Blog · Sublime Security
Callback phishing via invoice abuse and distribution list relays · Blog · Sublime Security
Callback phishing via invoice abuse and distribution list relays · Blog · Sublime Security
Talking phish over turkey · Blog · Sublime Security
Talking phish over turkey · Blog · Sublime Security
Living Off the Land: Callback Phishing via Docusign comment · Blog · Sublime Security
Living Off the Land: Callback Phishing via Docusign comment · Blog · Sublime Security
Abusing Discord to deliver Agent Tesla malware · Blog · Sublime Security
Abusing Discord to deliver Agent Tesla malware · Blog · Sublime Security
QR Code Phishing: Decoding Hidden Threats · Blog · Sublime Security
QR Code Phishing: Decoding Hidden Threats · Blog · Sublime Security
Call Me Maybe? The Rise of Callback Phishing Emails · Blog · Sublime Security
Call Me Maybe? The Rise of Callback Phishing Emails · Blog · Sublime Security
Detecting Credential Phishing using Deep Learning + MQL · Blog · Sublime Security
Detecting Credential Phishing using Deep Learning + MQL · Blog · Sublime Security
Attack Types (6):
Spam
Credential Phishing
Callback Phishing
BEC/Fraud
Malware/Ransomware
Extortion
Detection Methods (17):
Sender analysis
Content analysis
Header analysis
Computer Vision
File analysis
HTML analysis
URL analysis
Natural Language Understanding
QR code analysis
Optical Character Recognition
Whois
Archive analysis
Javascript analysis
YARA
URL screenshot
Exif analysis
Threat intelligence
Rule Name & Severity
Last Updated
Author
Types, Tactics & Capabilities
Service abuse: Demio notifications with suspicious content patterns
22h ago
May 11th, 2026
Sublime Security
Spam
Social engineering
Impersonation: Brand
Sender analysis
Content analysis
Brand impersonation: FedEx
4d ago
May 8th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Lookalike domain
Social engineering
Header analysis
Sender analysis
Brand impersonation: Quickbooks
4d ago
May 8th, 2026
Sublime Security
Callback Phishing
Credential Phishing
Impersonation: Brand
Social engineering
Computer Vision
Content analysis
Header analysis
Sender analysis
Service abuse: Microsoft with suspicious indicators in subject
5d ago
May 7th, 2026
Sublime Security
Credential Phishing
Spam
Impersonation: Brand
Social engineering
Sender analysis
Content analysis
Brand Impersonation: PayPal
5d ago
May 7th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Lookalike domain
Social engineering
Computer Vision
Content analysis
File analysis
Header analysis
Sender analysis
Link: Suspicious Loom HTML file path
6d ago
May 6th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Social engineering
HTML analysis
URL analysis
Brand impersonation: Booking.com
6d ago
May 6th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Social engineering
Natural Language Understanding
Header analysis
Sender analysis
Brand impersonation: Trust Wallet
8d ago
May 4th, 2026
Sublime Security
BEC/Fraud
Credential Phishing
Impersonation: Brand
Social engineering
Natural Language Understanding
Sender analysis
Header analysis
Brand impersonation: Capital One
8d ago
May 4th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Lookalike domain
Social engineering
Computer Vision
Sender analysis
Header analysis
Brand impersonation: DocuSign with embedded QR code
8d ago
May 4th, 2026
Sublime Security
Credential Phishing
Evasion
Image as content
Impersonation: Brand
QR code
Computer Vision
Content analysis
QR code analysis
Sender analysis
Brand impersonation: SharePoint PDF attachment with credential theft language
8d ago
May 4th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Social engineering
PDF
Evasion
Computer Vision
File analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
URL analysis
Header analysis
Whois
Canva infrastructure abuse
8d ago
May 4th, 2026
Sublime Security
BEC/Fraud
Callback Phishing
Social engineering
Impersonation: Brand
Impersonation: Employee
Free email provider
Natural Language Understanding
Sender analysis
Content analysis
Callback phishing via Intuit service abuse
8d ago
May 4th, 2026
Sublime Security
Callback Phishing
Evasion
Free email provider
Impersonation: Brand
Social engineering
Computer Vision
Content analysis
Header analysis
Optical Character Recognition
Venmo payment request abuse
8d ago
May 4th, 2026
Sublime Security
Callback Phishing
BEC/Fraud
Social engineering
Impersonation: Brand
Evasion
Natural Language Understanding
Content analysis
Sender analysis
HTML analysis
Callback phishing via Google Group abuse
8d ago
May 4th, 2026
Sublime Security
Callback Phishing
Free email provider
Impersonation: Brand
Social engineering
File analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
Brand impersonation: Sharepoint
8d ago
May 4th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Social engineering
Computer Vision
Content analysis
File analysis
Natural Language Understanding
Sender analysis
Callback phishing via Adobe Sign comment
8d ago
May 4th, 2026
Sublime Security
Callback Phishing
Evasion
Impersonation: Brand
Out of band pivot
Social engineering
Content analysis
Computer Vision
Header analysis
Sender analysis
URL analysis
Link: File sharing impersonation with suspicious language and sending patterns
12d ago
Apr 30th, 2026
Sublime Security
BEC/Fraud
Credential Phishing
Social engineering
Free subdomain host
Impersonation: Brand
Natural Language Understanding
URL analysis
Sender analysis
Header analysis
Content analysis
Brand impersonation: Fake Fax
12d ago
Apr 30th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Image as content
Free file host
Free subdomain host
Social engineering
Computer Vision
Content analysis
Optical Character Recognition
Sender analysis
URL analysis
Abuse: Robinhood injected content
12d ago
Apr 30th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Social engineering
Content analysis
Header analysis
HTML analysis
Sender analysis
Page 1 of 14