Tactic or Technique: Impersonation: VIP

VIP impersonation is a tactic where attackers pretend to be an executive or senior leader at your company to pressure you into acting quickly. These messages are designed to feel urgent and important, often asking for wire transfers, sensitive documents, or immediate help without following the usual process.
To pull this off, attackers use display name spoofing, fake domains that look nearly identical to your company’s, or freemail accounts that match the executive’s name. The message might look like it’s from your CEO or CFO and may reference real company details to make it feel more authentic.
These attacks work by taking advantage of authority and urgency. You’re more likely to act fast when you think a leader is asking.Responding can lead to real damage, including financial loss, data leaks, and reputation damage.
Rule Name & Severity
Last Updated
Author
Types, Tactics & Capabilities
VIP impersonation: VIP payment redirect handoff via fake threads
2d ago
Jul 8th, 2026
Sublime Security
VIP impersonation: VIP name within a delimited subject with fake previous threads
2d ago
Jul 8th, 2026
Sublime Security
VIP impersonation: Fabricated thread history with fake VIP recipients
2d ago
Jul 8th, 2026
Sublime Security
VIP impersonation: Fake forwarded indicator with VIP recipient impersonation
3d ago
Jul 7th, 2026
Sublime Security
VIP impersonation: Invoice fraud with mobile device sign-off
3d ago
Jul 7th, 2026
Sublime Security
VIP impersonation: VIP recipient of previous thread with HTML generator
3d ago
Jul 7th, 2026
Sublime Security
Suspicious request for financial information
15d ago
Jun 25th, 2026
Sublime Security
VIP impersonation with charitable donation fraud
1mo ago
Jun 5th, 2026
Sublime Security
VIP impersonation: Fake thread with display name match, email mismatch
3mo ago
Apr 3rd, 2026
Sublime Security
VIP impersonation with urgent request (strict match, untrusted sender)
3mo ago
Mar 25th, 2026
Sublime Security
VIP impersonation with BEC language (near match, untrusted sender)
3mo ago
Mar 25th, 2026
Sublime Security
VIP impersonation with w2 request with reply-to mismatch
3mo ago
Mar 12th, 2026
Sublime Security
VIP / Executive impersonation (strict match, untrusted)
4mo ago
Feb 25th, 2026
Sublime Security
Service abuse: Trello board invitation with VIP impersonation
5mo ago
Feb 3rd, 2026
Sublime Security
Impersonation: Executive using numbered local part
5mo ago
Jan 30th, 2026
Sublime Security
Attachment: Fake lawyer & sports agent identities
5mo ago
Jan 26th, 2026
Sublime Security
Suspicious attachment with unscannable Cloudflare link
5mo ago
Jan 12th, 2026
Sublime Security
Service Abuse: Box file sharing with credential phishing intent
5mo ago
Jan 12th, 2026
Sublime Security
Google share notification with suspicious comments
5mo ago
Jan 12th, 2026
Sublime Security
VIP / Executive impersonation in subject (untrusted)
10mo ago
Aug 14th, 2025
Sublime Security