Tactic or Technique: Out of band pivot

Attackers use out-of-band pivoting to move conversations off email and onto channels with less security oversight. They start with a simple message and then try to shift the conversation to phone, text, WhatsApp, or personal email, where monitoring and protections are weaker or nonexistent.
A message may reference an urgent issue and include a phone number, QR code, or request to continue the conversation elsewhere. Once the communication moves off email, attackers can push the scam further without being seen by security tools.
This tactic works because it breaks the visibility chain. Email security may catch a bad link or attachment, but it can’t detect what happens in a phone call or private chat. That gap gives attackers more freedom to ask for credentials, convince you to take risky actions, or escalate the attack without triggering alerts.
Rule Name & Severity
Last Updated
Author
Types, Tactics & Capabilities
Callback phishing via Google Meet
8d ago
Jul 8th, 2026
Sublime Security
Impersonation: IT Department mailbox storage alert
9d ago
Jul 7th, 2026
Sublime Security
Attachment: Romance scam with image lure and advance-fee or suspicious link indicators
15d ago
Jul 1st, 2026
Sublime Security
Service abuse: Settime.io sender with callback scam intent
22d ago
Jun 24th, 2026
Sublime Security
Service abuse: IBM IAM account notification with callback scam indicators
30d ago
Jun 16th, 2026
Sublime Security
Callback phishing via Apple ID display name abuse
1mo ago
Jun 11th, 2026
Sublime Security
Benefits enrollment impersonation
1mo ago
Jun 5th, 2026
Sublime Security
BEC/Fraud: Job scam fake thread or plaintext pivot to freemail
1mo ago
Jun 5th, 2026
Sublime Security
Attachment: Callback phishing solicitation via pdf file
1mo ago
Jun 5th, 2026
Sublime Security
HR impersonation via e-sign agreement comment
1mo ago
Jun 5th, 2026
Sublime Security
Service abuse: Amazon invitation with suspected callback phishing
1mo ago
May 22nd, 2026
Sublime Security
Scam: Fake estate sale offering welding equipment and tools
2mo ago
May 12th, 2026
Sublime Security
BEC/Fraud: Student loan callback phishing
2mo ago
May 4th, 2026
Sublime Security
Callback phishing via Adobe Sign comment
2mo ago
May 4th, 2026
Sublime Security
BEC/Fraud: Scam lure with freemail pivot
2mo ago
Apr 30th, 2026
Sublime Security
Service abuse: Google Calendar notification with callback scam language
2mo ago
Apr 28th, 2026
Sublime Security
Callback phishing via Microsoft comment
3mo ago
Apr 13th, 2026
Sublime Security
Service abuse: Microsoft Power Apps callback scam
3mo ago
Mar 30th, 2026
Sublime Security
Callback phishing in body or attachment (untrusted sender)
3mo ago
Mar 27th, 2026
Sublime Security
Service abuse: AWS SNS callback scam impersonation
3mo ago
Mar 26th, 2026
Sublime Security