Tactic or Technique: Impersonation: Brand

Brand impersonation is a phishing technique where attackers copy the look and feel of trusted companies to make their emails seem legitimate. They recreate logos, colors, templates, and writing styles to mimic well-known brands like Microsoft, Amazon, or PayPal and convince you to trust the message.
They often use lookalike domains to make the links seem real. That could be a small typo, a character swap, or a URL like secure-microsoft[.]com that looks legitimate at first glance. These tricks are meant to get past your defenses and make you more likely to click or respond.
The goal is usually to steal your credentials or convince you to take some kind of action. But over time, these attacks also make it harder to trust what you see in your inbox. Spotting them means looking closely—at the sender address, the way the message is written, and where the links actually go. The differences are subtle, but once you know what to look for, they stand out.
Rule Name & Severity
Last Updated
Author
Types, Tactics & Capabilities
Brand impersonation: Punchbowl
14h ago
Jul 15th, 2026
Sublime Security
Brand impersonation: Squarespace
18h ago
Jul 15th, 2026
Sublime Security
Link: Free file host link with 'Important Viewing Note' lure
19h ago
Jul 15th, 2026
Sublime Security
Brand impersonation: Internal Revenue Service
2d ago
Jul 14th, 2026
Sublime Security
Service abuse: Calendly callback scam detection
2d ago
Jul 14th, 2026
Sublime Security
Brand impersonation: FedEx
2d ago
Jul 14th, 2026
Sublime Security
Link: Multistage landing - Abused Adobe Acrobat hosted PDF
2d ago
Jul 14th, 2026
Sublime Security
Open redirect: Diesel.az
2d ago
Jul 14th, 2026
Sublime Security
Link: Fraudulent state business filing notice
2d ago
Jul 14th, 2026
Sublime Security
Service abuse: Microsoft Forms Pro with suspicious links or QR codes
2d ago
Jul 14th, 2026
Sublime Security
Brand impersonation: Government / Tax Authority document lure
2d ago
Jul 14th, 2026
Sublime Security
Brand impersonation: GoDaddy
2d ago
Jul 14th, 2026
Sublime Security
Service abuse: Oracle Cloud Workflow callback scam
6d ago
Jul 10th, 2026
Sublime Security
Brand impersonation: Wix
6d ago
Jul 10th, 2026
Sublime Security
Brand impersonation: Amazon
6d ago
Jul 10th, 2026
Sublime Security
Brand impersonation: AARP
7d ago
Jul 9th, 2026
Sublime Security
Brand impersonation: OpenAI with payment issues
7d ago
Jul 9th, 2026
Sublime Security
Brand impersonation: Chase Bank
7d ago
Jul 9th, 2026
Sublime Security
Service abuse: Facebook mail notification callback scam
7d ago
Jul 9th, 2026
Sublime Security
Credential phishing: Blue button styled link with file-sharing template artifacts
8d ago
Jul 8th, 2026
Sublime Security