Tactic or Technique: Impersonation: Employee

Employee impersonation is a tactic where attackers pose as someone inside your organization, like a coworker, manager, or contractor, to get you to take action. These messages often look like they’re coming from a trusted internal contact by using spoofed display names, freemail accounts, or lookalike domains.
The emails are usually short and urgent. You might see what looks like a request from your manager to send a wire transfer, from IT asking you to verify your login, or from HR sharing a document. Attackers often research your org chart, titles, or communication habits to make the message feel more believable.
If you respond, the consequences can be serious. You might send sensitive data, move money to the wrong account, or open a file that installs malware. These attacks work because they feel familiar, and the sender looks like someone you normally trust.

| Rule Name & Severity | Last Updated | Author | Types, Tactics & Capabilities | Rule Path |
|---|---|---|---|---|
| Suspicious attachment with unscannable Cloudflare link | Jun 2nd, 2025 (8d ago) | Sublime Security | | /feeds/core/detection-rules/suspicious-attachment-with-unscannable-cloudflare-link-00f92b6f |
| Corporate Services Impersonation Phishing | May 29th, 2025 (12d ago) | Sublime Security | | /feeds/core/detection-rules/corporate-services-impersonation-phishing-3cd04f33 |
| Impersonation: Human Resources with link or attachment and engaging language | Apr 14th, 2025 (1mo ago) | Sublime Security | | /feeds/core/detection-rules/impersonation-human-resources-with-link-or-attachment-and-engaging-language-8c95a6a8 |
| Canva Infrastructure Abuse | Apr 1st, 2025 (2mo ago) | Sublime Security | | /feeds/core/detection-rules/canva-infrastructure-abuse-b69fdb5c |
| Sharepoint Link Likely Unrelated to Sender | Mar 12th, 2025 (3mo ago) | Sublime Security | | /feeds/core/detection-rules/sharepoint-link-likely-unrelated-to-sender-6870f489 |
| Benefits Enrollment Impersonation | Jan 30th, 2025 (4mo ago) | Sublime Security | | /feeds/core/detection-rules/benefits-enrollment-impersonation-5a6eb5a8 |
| Employee Impersonation: Payroll Fraud | Dec 16th, 2024 (5mo ago) | Sublime Security | | /feeds/core/detection-rules/employee-impersonation-payroll-fraud-2beb7d85 |
| Suspicious Request for Financial Information | Nov 25th, 2024 (6mo ago) | Sublime Security | | /feeds/core/detection-rules/suspicious-request-for-financial-information-4ebdaa4d |
| VIP impersonation with charitable donation fraud | Oct 8th, 2024 (8mo ago) | Sublime Security | | /feeds/core/detection-rules/vip-impersonation-with-charitable-donation-fraud-35a56b8e |
| Employee impersonation with urgent request (untrusted sender) | Jul 17th, 2024 (10mo ago) | Sublime Security | | /feeds/core/detection-rules/employee-impersonation-with-urgent-request-untrusted-sender-1ce9a146 |
| VIP Impersonation via Google Group relay with suspicious indicators | May 3rd, 2024 (1y ago) | Sublime Security | | /feeds/core/detection-rules/vip-impersonation-via-google-group-relay-with-suspicious-indicators-57f9cd3b |
| Attachment with VBA macros from employee impersonation (unsolicited) | Feb 26th, 2024 (1y ago) | Sublime Security | | /feeds/core/detection-rules/attachment-with-vba-macros-from-employee-impersonation-unsolicited-9b262123 |
| BEC: Employee impersonation with subject manipulation | Jan 22nd, 2024 (1y ago) | Sublime Security | | /feeds/core/detection-rules/bec-employee-impersonation-with-subject-manipulation-9adfc77b |