Detection Method: Natural Language Understanding

Natural Language Understanding (NLU) uses machine learning algorithms to analyze and interpret message content, helping systems detect subtle signs of malicious intent. Instead of just matching keywords, NLU looks at the context, tone, urgency, and intent behind the message.
NLU can help you detect:
  • Urgent language commonly used in BEC attacks impersonating executives or departments
  • Credential theft attempts disguised as legitimate service notifications
  • Extortion or blackmail tactics used in intimidation campaigns
  • Financial terms typically found in payment fraud or invoice scams
  • Deceptive job offers designed to steal sensitive information
For example, NLU can identify when an email uses urgent language ("immediate attention required") combined with financial requests ("wire transfer") and impersonation, which are common tactics in BEC attacks.
Blog Posts
Hiding a $50,000 BEC financial fraud in a fake email thread · Blog · Sublime Security
Hiding a $50,000 BEC financial fraud in a fake email thread · Blog · Sublime Security
Callback phishing via invoice abuse and distribution list relays · Blog · Sublime Security
Callback phishing via invoice abuse and distribution list relays · Blog · Sublime Security
B2B freight-forwarding scams on the rise to evade financial fraud crackdowns · Blog · Sublime Security
B2B freight-forwarding scams on the rise to evade financial fraud crackdowns · Blog · Sublime Security
Hidden credential phishing within EML attachments · Blog · Sublime Security
Hidden credential phishing within EML attachments · Blog · Sublime Security
Adversarial ML: Extortion via LLM Manipulation Tactics · Blog · Sublime Security
Adversarial ML: Extortion via LLM Manipulation Tactics · Blog · Sublime Security
Combating GenAI Email Attacks with BERT LLM · Blog · Sublime Security
Combating GenAI Email Attacks with BERT LLM · Blog · Sublime Security
Payroll Fraud via LLM-Generated Emails · Blog · Sublime Security
Payroll Fraud via LLM-Generated Emails · Blog · Sublime Security
Fake invoice used to conduct $16,800 BEC attempt · Blog · Sublime Security
Fake invoice used to conduct $16,800 BEC attempt · Blog · Sublime Security
QR Code Phishing: Decoding Hidden Threats · Blog · Sublime Security
QR Code Phishing: Decoding Hidden Threats · Blog · Sublime Security
Call Me Maybe? The Rise of Callback Phishing Emails · Blog · Sublime Security
Call Me Maybe? The Rise of Callback Phishing Emails · Blog · Sublime Security
Attack Types (6):
Credential Phishing
Spam
BEC/Fraud
Callback Phishing
Extortion
Malware/Ransomware
Tactics & Techniques (20):
Impersonation: Brand
Social engineering
Evasion
PDF
Spoofing
Impersonation: Employee
Free email provider
Image as content
Out of band pivot
Impersonation: VIP
Lookalike domain
Free file host
Open redirect
Free subdomain host
QR code
Macros
Encryption
Scripting
IPFS
HTML smuggling
Rule Name & Severity
Last Updated
Author
Types, Tactics & Capabilities
Brand impersonation: TikTok
6h ago
Feb 12th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Social engineering
Computer Vision
Content analysis
Header analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
/feeds/core/detection-rules/brand-impersonation-tiktok-aaacc8b7
Link: PDF filename impersonation with credential theft language
6h ago
Feb 12th, 2026
Sublime Security
Credential Phishing
Social engineering
Evasion
PDF
Content analysis
Natural Language Understanding
Header analysis
Sender analysis
URL analysis
/feeds/core/detection-rules/link-pdf-filename-impersonation-with-credential-theft-language-05931513
Brand impersonation: Navan
3d ago
Feb 9th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Social engineering
Spoofing
Sender analysis
Natural Language Understanding
URL analysis
Content analysis
/feeds/core/detection-rules/brand-impersonation-navan-3573e9a8
Link: URL shortener with copy-paste instructions and credential theft language
6d ago
Feb 6th, 2026
Sublime Security
Credential Phishing
Evasion
Social engineering
Content analysis
Natural Language Understanding
URL analysis
/feeds/core/detection-rules/link-url-shortener-with-copy-paste-instructions-and-credential-theft-language-a0a2c573
Brand Impersonation: Disney
6d ago
Feb 6th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Social engineering
Computer Vision
Natural Language Understanding
Content analysis
Header analysis
Sender analysis
/feeds/core/detection-rules/brand-impersonation-disney-bf90b8fb
Service abuse: Apple TestFlight with suspicious developer reference
6d ago
Feb 6th, 2026
Sublime Security
Spam
Social engineering
Content analysis
HTML analysis
Natural Language Understanding
Sender analysis
URL analysis
/feeds/core/detection-rules/service-abuse-apple-testflight-with-suspicious-developer-reference-e7ea0ee0
Canva infrastructure abuse
6d ago
Feb 6th, 2026
Sublime Security
BEC/Fraud
Callback Phishing
Social engineering
Impersonation: Brand
Impersonation: Employee
Free email provider
Natural Language Understanding
Sender analysis
Content analysis
/feeds/core/detection-rules/canva-infrastructure-abuse-b69fdb5c
Brand impersonation: Microsoft Planner with suspicious link
6d ago
Feb 6th, 2026
Sublime Security
Credential Phishing
Evasion
Image as content
Impersonation: Brand
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
URL analysis
/feeds/core/detection-rules/brand-impersonation-microsoft-planner-with-suspicious-link-ea363c08
Credential phishing: Generic document sharing
7d ago
Feb 5th, 2026
Sublime Security
Credential Phishing
BEC/Fraud
Social engineering
Evasion
Impersonation: Employee
Content analysis
Natural Language Understanding
URL analysis
Sender analysis
/feeds/core/detection-rules/credential-phishing-generic-document-sharing-9f0e1d2c
Attachment: Legal themed message or PDF with suspicious indicators
7d ago
Feb 5th, 2026
Sublime Security
Credential Phishing
Extortion
BEC/Fraud
Evasion
PDF
Social engineering
Content analysis
File analysis
Natural Language Understanding
Optical Character Recognition
URL analysis
Whois
Header analysis
Exif analysis
/feeds/core/detection-rules/attachment-legal-themed-message-or-pdf-with-suspicious-indicators-19133301
Service abuse: WeTransfer callback scam
13d ago
Jan 30th, 2026
Sublime Security
Callback Phishing
Social engineering
Out of band pivot
Content analysis
Natural Language Understanding
Sender analysis
/feeds/core/detection-rules/service-abuse-wetransfer-callback-scam-c60c8650
VIP impersonation with w2 request
14d ago
Jan 29th, 2026
Sublime Security
BEC/Fraud
Impersonation: VIP
Content analysis
Header analysis
Natural Language Understanding
/feeds/core/detection-rules/vip-impersonation-with-w2-request-e7e73fad
Brand impersonation: Aramco
15d ago
Jan 28th, 2026
Sublime Security
BEC/Fraud
Impersonation: Brand
Lookalike domain
Social engineering
Content analysis
Header analysis
HTML analysis
Natural Language Understanding
Sender analysis
/feeds/core/detection-rules/brand-impersonation-aramco-96e87699
Impersonation: Internal corporate services
15d ago
Jan 28th, 2026
Sublime Security
Credential Phishing
Impersonation: Employee
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
/feeds/core/detection-rules/impersonation-internal-corporate-services-3cd04f33
Reconnaissance: Short generic greeting message
16d ago
Jan 27th, 2026
Sublime Security
BEC/Fraud
Callback Phishing
Social engineering
Free email provider
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
/feeds/core/detection-rules/reconnaissance-short-generic-greeting-message-c67dedab
Link: Microsoft Dynamics 365 form phishing
16d ago
Jan 27th, 2026
Sublime Security
Credential Phishing
Evasion
Content analysis
File analysis
Optical Character Recognition
Natural Language Understanding
URL analysis
URL screenshot
/feeds/core/detection-rules/link-microsoft-dynamics-365-form-phishing-f72b9085
Service abuse: Monday.com callback scam
17d ago
Jan 26th, 2026
Sublime Security
Callback Phishing
Social engineering
Out of band pivot
Content analysis
Natural Language Understanding
Sender analysis
/feeds/core/detection-rules/service-abuse-mondaycom-callback-scam-82cf4502
Link: Personal SharePoint with invalid recipients and credential theft language
20d ago
Jan 23rd, 2026
Sublime Security
Credential Phishing
Social engineering
Content analysis
Header analysis
Natural Language Understanding
URL analysis
/feeds/core/detection-rules/link-personal-sharepoint-with-invalid-recipients-and-credential-theft-language-79d5403d
Extortion / sextortion (untrusted sender)
21d ago
Jan 22nd, 2026
Sublime Security
Extortion
Social engineering
Spoofing
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
/feeds/core/detection-rules/extortion-sextortion-untrusted-sender-265913eb
Fake voicemail notification (untrusted sender)
21d ago
Jan 22nd, 2026
Sublime Security
Credential Phishing
Social engineering
Content analysis
Natural Language Understanding
Sender analysis
URL analysis
/feeds/core/detection-rules/fake-voicemail-notification-untrusted-sender-74ba7787
Page 1 of 10