• Out of band pivot

Tactic or Technique: Out of band pivot

Attackers use out-of-band pivoting to move conversations off email and onto channels with less security oversight. They start with a simple message and then try to shift the conversation to phone, text, WhatsApp, or personal email, where monitoring and protections are weaker or nonexistent.
A message may reference an urgent issue and include a phone number, QR code, or request to continue the conversation elsewhere. Once the communication moves off email, attackers can push the scam further without being seen by security tools.
This tactic works because it breaks the visibility chain. Email security may catch a bad link or attachment, but it can’t detect what happens in a phone call or private chat. That gap gives attackers more freedom to ask for credentials, convince you to take risky actions, or escalate the attack without triggering alerts.
Blog Posts
Callback phishing via invoice abuse and distribution list relays
Callback phishing via invoice abuse and distribution list relays
Living Off the Land: Callback Phishing via Docusign comment
Living Off the Land: Callback Phishing via Docusign comment
Call Me Maybe? The Rise of Callback Phishing Emails
Call Me Maybe? The Rise of Callback Phishing Emails
Attack Types (4):
Callback Phishing
BEC/Fraud
Credential Phishing
Malware/Ransomware
Detection Methods (10):
Exif analysis
File analysis
Optical Character Recognition
Sender analysis
Content analysis
Header analysis
Natural Language Understanding
URL analysis
Computer Vision
Whois
Rule Name & Severity
Last Updated
Author
Types, Tactics & Capabilities
Attachment: Callback Phishing solicitation via pdf file
9h ago
Jun 18th, 2025 UTC
Sublime Security
Callback Phishing
Evasion
Free email provider
Out of band pivot
PDF
Social engineering
Exif analysis
File analysis
Optical Character Recognition
Sender analysis
/feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-pdf-file-ac33f097
Callback Phishing solicitation in message body
2d ago
Jun 16th, 2025 UTC
Sublime Security
Callback Phishing
Free email provider
Impersonation: Brand
Out of band pivot
Social engineering
File analysis
Sender analysis
/feeds/core/detection-rules/callback-phishing-solicitation-in-message-body-10a3a446
HR Impersonation via E-sign Agreement Comment
1mo ago
May 5th, 2025 UTC
Sublime Security
BEC/Fraud
Credential Phishing
Evasion
Impersonation: Brand
Out of band pivot
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
/feeds/core/detection-rules/hr-impersonation-via-e-sign-agreement-comment-796c6f0f
Link: ScreenConnect Installer With Suspicious Relay Domain
1mo ago
May 2nd, 2025 UTC
Sublime Security
Malware/Ransomware
Evasion
Out of band pivot
Social engineering
URL analysis
File analysis
Content analysis
/feeds/core/detection-rules/link-screenconnect-installer-with-suspicious-relay-domain-37d21eef
Callback Phishing via Xodo Sign comment
1mo ago
Apr 28th, 2025 UTC
Sublime Security
Callback Phishing
Exploit
Impersonation: Brand
Out of band pivot
Social engineering
Computer Vision
Content analysis
Header analysis
Sender analysis
URL analysis
/feeds/core/detection-rules/callback-phishing-via-xodo-sign-comment-6f722c5d
Callback Phishing via Adobe Sign comment
1mo ago
Apr 25th, 2025 UTC
Sublime Security
Callback Phishing
Evasion
Impersonation: Brand
Out of band pivot
Social engineering
Content analysis
Computer Vision
Header analysis
Sender analysis
URL analysis
/feeds/core/detection-rules/callback-phishing-via-adobe-sign-comment-7eb4516d
Attachment: Callback Phishing solicitation via image file
3mo ago
Mar 12th, 2025 UTC
@vector_sec
Callback Phishing
Evasion
Free email provider
Out of band pivot
Social engineering
Image as content
Content analysis
Optical Character Recognition
Sender analysis
URL analysis
Computer Vision
/feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-image-file-60acbb36
Callback Phishing: Social Security Administration Fraud
3mo ago
Feb 24th, 2025 UTC
Sublime Security
Callback Phishing
Evasion
Free email provider
Out of band pivot
PDF
Social engineering
Exif analysis
File analysis
Optical Character Recognition
Sender analysis
/feeds/core/detection-rules/callback-phishing-social-security-administration-fraud-a9049d52
Benefits Enrollment Impersonation
4mo ago
Jan 30th, 2025 UTC
Sublime Security
Credential Phishing
Evasion
Impersonation: Employee
Out of band pivot
Social engineering
Content analysis
Header analysis
Sender analysis
/feeds/core/detection-rules/benefits-enrollment-impersonation-5a6eb5a8
Callback Phishing via DocuSign comment
5mo ago
Jan 2nd, 2025 UTC
Sublime Security
Callback Phishing
Evasion
Impersonation: Brand
Out of band pivot
Social engineering
Content analysis
Computer Vision
Header analysis
Sender analysis
URL analysis
/feeds/core/detection-rules/callback-phishing-via-docusign-comment-48aec918
Callback Phishing in body or attachment (untrusted sender)
7mo ago
Nov 5th, 2024 UTC
Sublime Security
Callback Phishing
Out of band pivot
Social engineering
Content analysis
File analysis
Optical Character Recognition
Natural Language Understanding
Sender analysis
/feeds/core/detection-rules/callback-phishing-in-body-or-attachment-untrusted-sender-b93c6f94
BEC/Fraud - Student loan callback phishing
8mo ago
Oct 4th, 2024 UTC
Sublime Security
BEC/Fraud
Free email provider
Out of band pivot
Social engineering
Content analysis
Natural Language Understanding
Sender analysis
/feeds/core/detection-rules/becfraud-student-loan-callback-phishing-a71f82c3
Attachment: Callback Phishing solicitation via text-based file with a large unknown recipient list
10mo ago
Jul 26th, 2024 UTC
Sublime Security
Callback Phishing
Evasion
Out of band pivot
Social engineering
Content analysis
File analysis
Header analysis
Sender analysis
/feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-text-based-file-with-a-large-unknown-recipient-list-ca39c83a
BEC/Fraud: Scam Lure with freemail pivot
1y ago
Jun 3rd, 2024 UTC
Sublime Security
BEC/Fraud
Free email provider
Out of band pivot
Content analysis
Header analysis
Sender analysis
/feeds/core/detection-rules/becfraud-scam-lure-with-freemail-pivot-898c769f
Callback Phishing: Branded invoice from sender/reply-to domain less than 30 days old
1y ago
Apr 25th, 2024 UTC
Sublime Security
Callback Phishing
Impersonation: Brand
Out of band pivot
Social engineering
Header analysis
Natural Language Understanding
Optical Character Recognition
Whois
/feeds/core/detection-rules/callback-phishing-branded-invoice-from-senderreply-to-domain-less-than-30-days-old-e6f4af53
Credential Phishing via Dropbox comment abuse
1y ago
Apr 23rd, 2024 UTC
Sublime Security
Credential Phishing
Evasion
Out of band pivot
Social engineering
Content analysis
Computer Vision
Sender analysis
/feeds/core/detection-rules/credential-phishing-via-dropbox-comment-abuse-744d494d
BEC/Fraud - Job Scam Fake thread or plaintext pivot to freemail
1y ago
Jan 8th, 2024 UTC
Sublime Security
BEC/Fraud
Free email provider
Out of band pivot
Content analysis
File analysis
Natural Language Understanding
/feeds/core/detection-rules/becfraud-job-scam-fake-thread-or-plaintext-pivot-to-freemail-ce21c151