Optical Character Recognition

Detection Method: Optical Character Recognition

OCR (Optical Character Recognition) helps systems read and analyze text in images, screenshots, and scanned documents. This method turns visual text into machine-readable content, allowing your security tools to catch things that would normally slip past text-based filters.

OCR can help you detect:

Phishing text hidden in images to bypass text-based filters
Suspicious language or instructions in scanned documents
QR codes with malicious links
Brand impersonation attempts using image-based logos or text
Requests for sensitive information disguised in images

For example, attackers often embed fake login prompts or instructions to call a "customer support" number in images. These tricks are designed to bypass traditional security filters, but OCR can extract and analyze the text to flag it as malicious before it reaches you.

Blog Posts

Hiding a $50,000 BEC financial fraud in a fake email thread

Call Me Maybe? The Rise of Callback Phishing Emails

Detecting Credential Phishing using Deep Learning + MQL

Attack Types (5):

Tactics & Techniques (10):

Rule Name & Severity	Last Updated	Author	Types, Tactics & Capabilities
Callback phishing via Intuit service abuse	2d ago May 21st, 2025	Sublime Security	Callback Phishing Evasion Free email provider Impersonation: Brand Social engineering Computer Vision Content analysis Header analysis Optical Character Recognition	/feeds/core/detection-rules/callback-phishing-via-intuit-service-abuse-f2fe1294
Link: Multistage Landing - Scribd Document	7d ago May 16th, 2025	Sublime Security	Credential Phishing Evasion Social engineering Impersonation: Brand Free file host URL analysis HTML analysis Natural Language Understanding Computer Vision Optical Character Recognition URL screenshot	/feeds/core/detection-rules/link-multistage-landing-scribd-document-afa9807d
Attachment: Adobe image lure in body or attachment with suspicious link	7d ago May 16th, 2025	Sublime Security	Credential Phishing Image as content Impersonation: Brand Content analysis Computer Vision Optical Character Recognition Sender analysis URL analysis	/feeds/core/detection-rules/attachment-adobe-image-lure-in-body-or-attachment-with-suspicious-link-1d7add81
Link: Multistage Landing - Ludus Presentation	9d ago May 14th, 2025	Sublime Security	Credential Phishing Evasion Social engineering Impersonation: Brand Header analysis URL analysis Computer Vision URL screenshot Natural Language Understanding Optical Character Recognition Sender analysis	/feeds/core/detection-rules/link-multistage-landing-ludus-presentation-a8b3c311
Brand impersonation: Amazon with suspicious attachment	9d ago May 14th, 2025	Sublime Security	Credential Phishing Impersonation: Brand Social engineering Computer Vision File analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis	/feeds/core/detection-rules/brand-impersonation-amazon-with-suspicious-attachment-5751dcb9
Link: Figma Design Deck With Credential Phishing Language	16d ago May 7th, 2025	Sublime Security	Credential Phishing Evasion Free file host Social engineering Natural Language Understanding Computer Vision Optical Character Recognition URL analysis URL screenshot Sender analysis	/feeds/core/detection-rules/link-figma-design-deck-with-credential-phishing-language-87601924
Brand impersonation: Microsoft with low reputation links	16d ago May 7th, 2025	Sublime Security	Credential Phishing Free file host Image as content Impersonation: Brand Social engineering Computer Vision Content analysis File analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis URL analysis	/feeds/core/detection-rules/brand-impersonation-microsoft-with-low-reputation-links-b59201b6
Issuu Document With Suspicious Embedded Link	18d ago May 5th, 2025	Sublime Security	Credential Phishing Social engineering Free file host Evasion URL analysis URL screenshot Natural Language Understanding Optical Character Recognition	/feeds/core/detection-rules/issuu-document-with-suspicious-embedded-link-0d73f43d
Brand impersonation: DocuSign branded attachment lure with no DocuSign links	23d ago Apr 30th, 2025	Sublime Security	Credential Phishing Impersonation: Brand Social engineering Computer Vision Content analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis URL screenshot	/feeds/core/detection-rules/brand-impersonation-docusign-branded-attachment-lure-with-no-docusign-links-814a5694
Attachment: Fake Voicemail via PDF	23d ago Apr 30th, 2025	Sublime Security	Credential Phishing PDF QR code Social engineering Computer Vision Content analysis File analysis Optical Character Recognition QR code analysis URL analysis	/feeds/core/detection-rules/attachment-fake-voicemail-via-pdf-d3587209
Link: Multistage Landing - Abuse Adobe Acrobat Hosted PDF	25d ago Apr 28th, 2025	Sublime Security	Credential Phishing Impersonation: Brand Social engineering Computer Vision Optical Character Recognition URL analysis Header analysis Sender analysis	/feeds/core/detection-rules/link-multistage-landing-abuse-adobe-acrobat-hosted-pdf-609081ef
Brand Impersonation: Fake Fax	28d ago Apr 25th, 2025	Sublime Security	Credential Phishing Impersonation: Brand Image as content Free file host Free subdomain host Social engineering Computer Vision Content analysis Optical Character Recognition Sender analysis URL analysis	/feeds/core/detection-rules/brand-impersonation-fake-fax-2a96b90a
Brand Impersonation: SendGrid	1mo ago Apr 15th, 2025	Sublime Security	BEC/Fraud Credential Phishing Spam Impersonation: Brand Social engineering Content analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis	/feeds/core/detection-rules/brand-impersonation-sendgrid-d800124f
Attachment: Fake attachment image lure	1mo ago Apr 11th, 2025	Sublime Security	Credential Phishing Malware/Ransomware Evasion Image as content Social engineering File analysis Natural Language Understanding Optical Character Recognition	/feeds/core/detection-rules/attachment-fake-attachment-image-lure-96b8b285
Brand Impersonation: Internal Revenue Service	1mo ago Apr 7th, 2025	Sublime Security	BEC/Fraud Credential Phishing Impersonation: Brand Social engineering Content analysis Natural Language Understanding Optical Character Recognition Sender analysis	/feeds/core/detection-rules/brand-impersonation-internal-revenue-service-3c63f8e9
Compensation Review With QR Code in Attached EML	1mo ago Apr 3rd, 2025	Sublime Security	Credential Phishing QR code Social engineering Computer Vision Content analysis Optical Character Recognition QR code analysis	/feeds/core/detection-rules/compensation-review-with-qr-code-in-attached-eml-98a2f03c
Brand Impersonation: TikTok	1mo ago Mar 31st, 2025	Sublime Security	Credential Phishing Impersonation: Brand Social engineering Computer Vision Content analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis	/feeds/core/detection-rules/brand-impersonation-tiktok-aaacc8b7
Attachment: Callback Phishing solicitation via pdf file	1mo ago Mar 27th, 2025	Sublime Security	Callback Phishing Evasion Free email provider Out of band pivot PDF Social engineering Exif analysis File analysis Optical Character Recognition Sender analysis	/feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-pdf-file-ac33f097
Suspicious Attachment: Duplicate decoy PDF files	2mo ago Mar 18th, 2025	Sublime Security	Credential Phishing Evasion PDF File analysis Optical Character Recognition	/feeds/core/detection-rules/suspicious-attachment-duplicate-decoy-pdf-files-79b9b2e7
Attachment: Callback Phishing solicitation via image file	2mo ago Mar 12th, 2025	@vector_sec	Callback Phishing Evasion Free email provider Out of band pivot Social engineering Image as content Content analysis Optical Character Recognition Sender analysis URL analysis Computer Vision	/feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-image-file-60acbb36