Detection Method: Natural Language Understanding

Natural Language Understanding (NLU) uses machine learning algorithms to analyze and interpret message content, helping systems detect subtle signs of malicious intent. Instead of just matching keywords, NLU looks at the context, tone, urgency, and intent behind the message.
NLU can help you detect:
  • Urgent language commonly used in BEC attacks impersonating executives or departments
  • Credential theft attempts disguised as legitimate service notifications
  • Extortion or blackmail tactics used in intimidation campaigns
  • Financial terms typically found in payment fraud or invoice scams
  • Deceptive job offers designed to steal sensitive information
For example, NLU can identify when an email uses urgent language ("immediate attention required") combined with financial requests ("wire transfer") and impersonation, which are common tactics in BEC attacks.
Rule Name & Severity
Last Updated
Author
Types, Tactics & Capabilities
Brand impersonation: Internal Revenue Service
2d ago
Jul 14th, 2026
Sublime Security
Service abuse: Calendly callback scam detection
2d ago
Jul 14th, 2026
Sublime Security
Credential phishing: Generic document share with unicode and proceedural greeting template
2d ago
Jul 14th, 2026
Sublime Security
Link: Fraudulent state business filing notice
2d ago
Jul 14th, 2026
Sublime Security
Business Email Compromise (BEC) with request for mobile number
2d ago
Jul 14th, 2026
Sublime Security
Brand impersonation: Government / Tax Authority document lure
2d ago
Jul 14th, 2026
Sublime Security
VIP impersonation: VIP payment redirect handoff via fake threads
3d ago
Jul 13th, 2026
Sublime Security
VIP impersonation: Payment handoff with VIP display name authored fake threads
3d ago
Jul 13th, 2026
Sublime Security
Attachment: Encrypted PDF with credential theft language in EML
3d ago
Jul 13th, 2026
Sublime Security
VIP impersonation: Fake thread with VIPs missing email metadata
3d ago
Jul 13th, 2026
Sublime Security
Link: Generic financial document with proceedural timeline template
6d ago
Jul 10th, 2026
Sublime Security
Service abuse: Oracle Cloud Workflow callback scam
6d ago
Jul 10th, 2026
Sublime Security
Service abuse: Facebook mail notification callback scam
7d ago
Jul 9th, 2026
Sublime Security
Zoom Events newsletter abuse
8d ago
Jul 8th, 2026
Sublime Security
Brand impersonation: Amazon Web Services (AWS)
10d ago
Jul 6th, 2026
Sublime Security
Spam: Website errors solicitation
10d ago
Jul 6th, 2026
Sublime Security
Business Email Compromise: Request for mobile number via reply thread hijacking
10d ago
Jul 6th, 2026
Sublime Security
BEC: Executive coaching vendor impersonation
15d ago
Jul 1st, 2026
Sublime Security
Attachment: Romance scam with image lure and advance-fee or suspicious link indicators
15d ago
Jul 1st, 2026
Sublime Security
Credential phishing: Onedrive impersonation
16d ago
Jun 30th, 2026
Sublime Security