- Impersonation: VIP
Tactic or Technique: Impersonation: VIP
VIP impersonation is a tactic where attackers pretend to be an executive or senior leader at your company to pressure you into acting quickly. These messages are designed to feel urgent and important, often asking for wire transfers, sensitive documents, or immediate help without following the usual process.
To pull this off, attackers use display name spoofing, fake domains that look nearly identical to your company’s, or freemail accounts that match the executive’s name. The message might look like it’s from your CEO or CFO and may reference real company details to make it feel more authentic.
These attacks work by taking advantage of authority and urgency. You’re more likely to act fast when you think a leader is asking.Responding can lead to real damage, including financial loss, data leaks, and reputation damage.
Blog Posts
Attack Types (2):
Detection Methods (8):
Rule Name & Severity | Last Updated | Author | Types, Tactics & Capabilities | |
|---|---|---|---|---|
VIP impersonation with urgent request (strict match, untrusted sender) | 2d ago Jul 16th, 2025 UTC | Sublime Security | /feeds/core/detection-rules/vip-impersonation-with-urgent-request-strict-match-untrusted-sender-0dd1fa60 | |
VIP impersonation with BEC language (near match, untrusted sender) | 2d ago Jul 16th, 2025 UTC | Sublime Security | /feeds/core/detection-rules/vip-impersonation-with-bec-language-near-match-untrusted-sender-303081da | |
Suspicious attachment with unscannable Cloudflare link | 2d ago Jul 16th, 2025 UTC | Sublime Security | /feeds/core/detection-rules/suspicious-attachment-with-unscannable-cloudflare-link-00f92b6f | |
VIP impersonation with charitable donation fraud | 2d ago Jul 16th, 2025 UTC | Sublime Security | /feeds/core/detection-rules/vip-impersonation-with-charitable-donation-fraud-35a56b8e | |
VIP / Executive impersonation (strict match, untrusted) | 2d ago Jul 16th, 2025 UTC | Sublime Security | /feeds/core/detection-rules/vip-executive-impersonation-strict-match-untrusted-e42c84b7 | |
Suspicious Request for Financial Information | 2d ago Jul 16th, 2025 UTC | Sublime Security | /feeds/core/detection-rules/suspicious-request-for-financial-information-4ebdaa4d | |
VIP / Executive impersonation in subject (untrusted) | 7d ago Jul 11th, 2025 UTC | Sublime Security | /feeds/core/detection-rules/vip-executive-impersonation-in-subject-untrusted-0a641fe5 | |
Google Share Notification with Suspicious Comments | 3mo ago Apr 8th, 2025 UTC | Sublime Security | /feeds/core/detection-rules/google-share-notification-with-suspicious-comments-c69c9924 | |
VIP local_part impersonation from unsolicited sender | 8mo ago Nov 20th, 2024 UTC | Sublime Security | /feeds/core/detection-rules/vip-localpart-impersonation-from-unsolicited-sender-74035fdc | |
VIP impersonation: Fake thread with display name match, email mismatch | 11mo ago Jul 29th, 2024 UTC | Sublime Security | /feeds/core/detection-rules/vip-impersonation-fake-thread-with-display-name-match-email-mismatch-11cc3e28 | |
VIP impersonation with invoicing request | 1y ago Apr 23rd, 2024 UTC | Sublime Security | /feeds/core/detection-rules/vip-impersonation-with-invoicing-request-a60f89a0 |