Tactic or Technique: Impersonation: Employee

Employee impersonation is a tactic where attackers pose as someone inside your organization, like a coworker, manager, or contractor, to get you to take action. These messages often look like theyโ€™re coming from a trusted internal contact by using spoofed display names, freemail accounts, or lookalike domains.
The emails are usually short and urgent. You might see what looks like a request from your manager to send a wire transfer, from IT asking you to verify your login, or from HR sharing a document. Attackers often research your org chart, titles, or communication habits to make the message feel more believable.
If you respond, the consequences can be serious. You might send sensitive data, move money to the wrong account, or open a file that installs malware. These attacks work because they feel familiar, and the sender looks like someone you normally trust.
Rule Name & Severity
Last Updated
Author
Types, Tactics & Capabilities
Impersonation: Employee name in subject with suspicious sender
6d ago
Jul 10th, 2026
Sublime Security
Impersonation: IT Department mailbox storage alert
9d ago
Jul 7th, 2026
Sublime Security
Suspicious request for financial information
21d ago
Jun 25th, 2026
Sublime Security
Employee impersonation: Payroll fraud
28d ago
Jun 18th, 2026
Sublime Security
Credential phishing: Generic document sharing
1mo ago
Jun 15th, 2026
Sublime Security
Benefits enrollment impersonation
1mo ago
Jun 5th, 2026
Sublime Security
VIP Impersonation via Google Group relay with suspicious indicators
1mo ago
Jun 5th, 2026
Sublime Security
VIP impersonation with charitable donation fraud
1mo ago
Jun 5th, 2026
Sublime Security
Impersonation: Human Resources with link or attachment and engaging language
1mo ago
Jun 5th, 2026
Sublime Security
Impersonation: Employee using fabricated identity in initial contact
1mo ago
May 28th, 2026
Sublime Security
Canva infrastructure abuse
2mo ago
May 4th, 2026
Sublime Security
Link: SharePoint filename matches org name
5mo ago
Feb 6th, 2026
Sublime Security
Impersonation: Internal corporate services
5mo ago
Jan 28th, 2026
Sublime Security
BEC: Employee impersonation with subject manipulation
6mo ago
Jan 16th, 2026
Sublime Security
Suspicious attachment with unscannable Cloudflare link
6mo ago
Jan 12th, 2026
Sublime Security
Headers: System account impersonation with empty sender address
6mo ago
Jan 12th, 2026
Sublime Security
Employee impersonation with urgent request (untrusted sender)
6mo ago
Jan 12th, 2026
Sublime Security
Service Abuse: Box file sharing with credential phishing intent
6mo ago
Jan 12th, 2026
Sublime Security
Attachment with VBA macros from employee impersonation (unsolicited)
6mo ago
Jan 12th, 2026
Sublime Security
Sharepoint link likely unrelated to sender
6mo ago
Jan 12th, 2026
Sublime Security