Detection Method: Optical Character Recognition

OCR (Optical Character Recognition) helps systems read and analyze text in images, screenshots, and scanned documents. This method turns visual text into machine-readable content, allowing your security tools to catch things that would normally slip past text-based filters.
OCR can help you detect:
  • Phishing text hidden in images to bypass text-based filters
  • Suspicious language or instructions in scanned documents
  • QR codes with malicious links
  • Brand impersonation attempts using image-based logos or text
  • Requests for sensitive information disguised in images
For example, attackers often embed fake login prompts or instructions to call a "customer support" number in images. These tricks are designed to bypass traditional security filters, but OCR can extract and analyze the text to flag it as malicious before it reaches you.
Rule Name & Severity
Last Updated
Author
Types, Tactics & Capabilities
Brand impersonation: Internal Revenue Service
2d ago
Jul 14th, 2026
Sublime Security
Link: Multistage landing - Abused Adobe Acrobat hosted PDF
2d ago
Jul 14th, 2026
Sublime Security
Brand impersonation: Amazon Web Services (AWS)
10d ago
Jul 6th, 2026
Sublime Security
Attachment: Suspicious PDF created with headless browser
15d ago
Jul 1st, 2026
Sublime Security
Cloud storage impersonation with credential theft indicators
16d ago
Jun 30th, 2026
Sublime Security
Attachment: Invoice and W-9 PDFs with suspicious creators
20d ago
Jun 26th, 2026
Sublime Security
Attachment: Duplicated header pages in fraudulent multi-page PDF Request for Quotation
21d ago
Jun 25th, 2026
Sublime Security
Brand impersonation: Fake procurement/RFQ PDF from energy and industrial companies
21d ago
Jun 25th, 2026
Sublime Security
Brand impersonation: Fake Fax
29d ago
Jun 17th, 2026
Sublime Security
Open Redirect: Google domain with /url path and suspicious indicators
1mo ago
Jun 5th, 2026
Sublime Security
Attachment: Microsoft 365 credential phishing
1mo ago
Jun 5th, 2026
Sublime Security
Credential phishing: DocuSign embedded image lure with no DocuSign domains in links
1mo ago
Jun 5th, 2026
Sublime Security
Attachment: Fake attachment image lure
1mo ago
Jun 5th, 2026
Sublime Security
Attachment: Callback phishing solicitation via pdf file
1mo ago
Jun 5th, 2026
Sublime Security
Attachment: Adobe image lure in body or attachment with suspicious link
1mo ago
Jun 5th, 2026
Sublime Security
Brand impersonation: Microsoft with low reputation links
1mo ago
Jun 5th, 2026
Sublime Security
Brand impersonation: Adobe Acrobat Sign PDF phishing file format template
1mo ago
Jun 1st, 2026
Sublime Security
Attachment: Compensation-themed DOCX with QR code credential theft
1mo ago
May 29th, 2026
Sublime Security
Brand impersonation: Figma with malicious document access overlay
1mo ago
May 27th, 2026
Sublime Security
X (Twitter) impersonation with credential phishing motives
2mo ago
May 15th, 2026
Sublime Security