Detection Method: Natural Language Understanding

Natural Language Understanding (NLU) uses machine learning algorithms to analyze and interpret message content, helping systems detect subtle signs of malicious intent. Instead of just matching keywords, NLU looks at the context, tone, urgency, and intent behind the message.
NLU can help you detect:
  • Urgent language commonly used in BEC attacks impersonating executives or departments
  • Credential theft attempts disguised as legitimate service notifications
  • Extortion or blackmail tactics used in intimidation campaigns
  • Financial terms typically found in payment fraud or invoice scams
  • Deceptive job offers designed to steal sensitive information
For example, NLU can identify when an email uses urgent language ("immediate attention required") combined with financial requests ("wire transfer") and impersonation, which are common tactics in BEC attacks.
Blog Posts
Hiding a $50,000 BEC financial fraud in a fake email thread · Blog · Sublime Security
Hiding a $50,000 BEC financial fraud in a fake email thread · Blog · Sublime Security
Callback phishing via invoice abuse and distribution list relays · Blog · Sublime Security
Callback phishing via invoice abuse and distribution list relays · Blog · Sublime Security
B2B freight-forwarding scams on the rise to evade financial fraud crackdowns · Blog · Sublime Security
B2B freight-forwarding scams on the rise to evade financial fraud crackdowns · Blog · Sublime Security
Hidden credential phishing within EML attachments · Blog · Sublime Security
Hidden credential phishing within EML attachments · Blog · Sublime Security
Adversarial ML: Extortion via LLM Manipulation Tactics · Blog · Sublime Security
Adversarial ML: Extortion via LLM Manipulation Tactics · Blog · Sublime Security
Combating GenAI Email Attacks with BERT LLM · Blog · Sublime Security
Combating GenAI Email Attacks with BERT LLM · Blog · Sublime Security
Payroll Fraud via LLM-Generated Emails · Blog · Sublime Security
Payroll Fraud via LLM-Generated Emails · Blog · Sublime Security
Fake invoice used to conduct $16,800 BEC attempt · Blog · Sublime Security
Fake invoice used to conduct $16,800 BEC attempt · Blog · Sublime Security
QR Code Phishing: Decoding Hidden Threats · Blog · Sublime Security
QR Code Phishing: Decoding Hidden Threats · Blog · Sublime Security
Call Me Maybe? The Rise of Callback Phishing Emails · Blog · Sublime Security
Call Me Maybe? The Rise of Callback Phishing Emails · Blog · Sublime Security
Attack Types (6):
Credential Phishing
Extortion
Callback Phishing
BEC/Fraud
Spam
Malware/Ransomware
Tactics & Techniques (20):
Social engineering
Spoofing
Out of band pivot
Evasion
Image as content
Impersonation: Brand
Impersonation: Employee
Free email provider
Lookalike domain
PDF
QR code
Macros
Impersonation: VIP
Free subdomain host
Free file host
Open redirect
Encryption
Scripting
IPFS
HTML smuggling
Rule Name & Severity
Last Updated
Author
Types, Tactics & Capabilities
Link: Personal SharePoint with invalid recipients and credential theft language
16m ago
Jan 23rd, 2026
Sublime Security
Credential Phishing
Social engineering
Content analysis
Header analysis
Natural Language Understanding
URL analysis
/feeds/core/detection-rules/link-personal-sharepoint-with-invalid-recipients-and-credential-theft-language-79d5403d
Extortion / sextortion (untrusted sender)
20h ago
Jan 22nd, 2026
Sublime Security
Extortion
Social engineering
Spoofing
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
/feeds/core/detection-rules/extortion-sextortion-untrusted-sender-265913eb
Fake voicemail notification (untrusted sender)
1d ago
Jan 22nd, 2026
Sublime Security
Credential Phishing
Social engineering
Content analysis
Natural Language Understanding
Sender analysis
URL analysis
/feeds/core/detection-rules/fake-voicemail-notification-untrusted-sender-74ba7787
Service abuse: Microsoft Power BI callback scam
1d ago
Jan 22nd, 2026
Sublime Security
Callback Phishing
Out of band pivot
Social engineering
Content analysis
Natural Language Understanding
Sender analysis
/feeds/core/detection-rules/service-abuse-microsoft-power-bi-callback-scam-7a55388e
Callback phishing via calendar invite
1d ago
Jan 22nd, 2026
Sublime Security
Callback Phishing
Social engineering
Evasion
File analysis
Header analysis
Natural Language Understanding
Sender analysis
/feeds/core/detection-rules/callback-phishing-via-calendar-invite-95c84360
Callback phishing in body or attachment (untrusted sender)
1d ago
Jan 22nd, 2026
Sublime Security
Callback Phishing
Out of band pivot
Social engineering
Content analysis
File analysis
Optical Character Recognition
Natural Language Understanding
Sender analysis
/feeds/core/detection-rules/callback-phishing-in-body-or-attachment-untrusted-sender-b93c6f94
Job scam with specific salary pattern
2d ago
Jan 21st, 2026
Sublime Security
BEC/Fraud
Social engineering
Content analysis
Natural Language Understanding
Header analysis
Sender analysis
/feeds/core/detection-rules/job-scam-with-specific-salary-pattern-af7f9e21
Brand impersonation: USPS
3d ago
Jan 20th, 2026
Sublime Security
Credential Phishing
Image as content
Impersonation: Brand
Social engineering
Computer Vision
Content analysis
Natural Language Understanding
Sender analysis
/feeds/core/detection-rules/brand-impersonation-usps-28b9130a
Impersonation: Internal corporate services
3d ago
Jan 20th, 2026
Sublime Security
Credential Phishing
Impersonation: Employee
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
/feeds/core/detection-rules/impersonation-internal-corporate-services-3cd04f33
Service abuse: GetAccept callback scam content
7d ago
Jan 16th, 2026
Sublime Security
Callback Phishing
Out of band pivot
Social engineering
Content analysis
Natural Language Understanding
Sender analysis
/feeds/core/detection-rules/service-abuse-getaccept-callback-scam-content-7ec2f70b
BEC: Employee impersonation with subject manipulation
7d ago
Jan 16th, 2026
Sublime Security
BEC/Fraud
Impersonation: Employee
Social engineering
Content analysis
Natural Language Understanding
Sender analysis
/feeds/core/detection-rules/bec-employee-impersonation-with-subject-manipulation-9adfc77b
Request for Quote or Purchase (RFQ|RFP) with suspicious sender or recipient pattern
8d ago
Jan 15th, 2026
Sublime Security
BEC/Fraud
Evasion
Free email provider
Content analysis
Natural Language Understanding
URL analysis
/feeds/core/detection-rules/request-for-quote-or-purchase-rfqorrfp-with-suspicious-sender-or-recipient-pattern-2ac0d329
Vendor impersonation: Thread hijacking with typosquat domain
11d ago
Jan 12th, 2026
Sublime Security
BEC/Fraud
Lookalike domain
Social engineering
Spoofing
Content analysis
Natural Language Understanding
Sender analysis
Whois
/feeds/core/detection-rules/vendor-impersonation-thread-hijacking-with-typosquat-domain-9c2f38ed
Brand impersonation: SendGrid
11d ago
Jan 12th, 2026
Sublime Security
BEC/Fraud
Credential Phishing
Spam
Impersonation: Brand
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
/feeds/core/detection-rules/brand-impersonation-sendgrid-d800124f
BEC/Fraud: Job scam fake thread or plaintext pivot to freemail
11d ago
Jan 12th, 2026
Sublime Security
BEC/Fraud
Free email provider
Out of band pivot
Content analysis
File analysis
Natural Language Understanding
/feeds/core/detection-rules/becfraud-job-scam-fake-thread-or-plaintext-pivot-to-freemail-ce21c151
Credential phishing: DocuSign embedded image lure with no DocuSign domains in links
11d ago
Jan 12th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Social engineering
Computer Vision
Content analysis
Header analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
/feeds/core/detection-rules/credential-phishing-docusign-embedded-image-lure-with-no-docusign-domains-in-links-dfe8715e
Business Email Compromise (BEC) attempt from untrusted sender
11d ago
Jan 12th, 2026
Sublime Security
BEC/Fraud
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
/feeds/core/detection-rules/business-email-compromise-bec-attempt-from-untrusted-sender-96d4c35a
Attachment: Legal themed message or PDF with suspicious indicators
11d ago
Jan 12th, 2026
Sublime Security
Credential Phishing
Extortion
BEC/Fraud
Evasion
PDF
Social engineering
Content analysis
File analysis
Natural Language Understanding
Optical Character Recognition
URL analysis
Whois
Header analysis
Exif analysis
/feeds/core/detection-rules/attachment-legal-themed-message-or-pdf-with-suspicious-indicators-19133301
Attachment: Fake secure message and suspicious indicators
11d ago
Jan 12th, 2026
Sublime Security
Credential Phishing
Image as content
Impersonation: Brand
Social engineering
Content analysis
File analysis
Header analysis
Natural Language Understanding
Sender analysis
/feeds/core/detection-rules/attachment-fake-secure-message-and-suspicious-indicators-20a34d94
Attachment: Office file contains OLE relationship to credential phishing page
11d ago
Jan 12th, 2026
Sublime Security
Credential Phishing
Evasion
Social engineering
File analysis
HTML analysis
Natural Language Understanding
OLE analysis
URL analysis
/feeds/core/detection-rules/attachment-office-file-contains-ole-relationship-to-credential-phishing-page-d55793d0
Page 1 of 10