Social engineering

Tactic or Technique: Social engineering

Social engineering targets people instead of systems. Attackers use persuasion, pressure, or emotional cues to get you to act quickly and bypass security tools without realizing it.

Messages often create urgency, mimic authority figures, or feel familiar enough to lower your guard. An attacker might pose as your manager asking for a quick favor, reference a recent company event, or claim your account is about to be locked. These tricks are designed to feel legitimate and get you to respond without verifying the request.

Common approaches include pretexting, where attackers invent a believable scenario; baiting, where they offer something enticing; or quid pro quo, where they offer help in exchange for access. Even a single successful interaction can lead to broader compromise, including data theft, ransomware, or a full network breach.

Blog Posts

Credential phishing Charles Schwab account holders with 2FA bypass

Hiding a $50,000 BEC financial fraud in a fake email thread

Callback phishing via invoice abuse and distribution list relays

Talking phish over turkey

Hidden credential phishing within EML attachments

Living Off the Land: Credential Phishing via Docusign abuse

Living Off the Land: Callback Phishing via Docusign comment

Adversarial ML: Extortion via LLM Manipulation Tactics

Fake invoice used to conduct $16,800 BEC attempt

Gotta Catch 'Em All: Detecting PikaBot Delivery Techniques

Attack Types (4):

Detection Methods (12):

Content analysis

Header analysis

Natural Language Understanding

URL analysis

Sender analysis

Computer Vision

Optical Character Recognition

Rule Name & Severity	Last Updated	Author	Types, Tactics & Capabilities
Xero Infrastructure Abuse	5h ago May 23rd, 2025	Sublime Security	Credential Phishing Evasion Social engineering Content analysis Header analysis Natural Language Understanding URL analysis	/feeds/core/detection-rules/xero-infrastructure-abuse-918c4bd3
Link: Direct link to Zoom Docs from Non-Zoom Sender	1d ago May 22nd, 2025	Sublime Security	Credential Phishing Social engineering Impersonation: Brand Header analysis URL analysis Sender analysis	/feeds/core/detection-rules/link-direct-link-to-zoom-docs-from-non-zoom-sender-5c6362db
Brand impersonation: DocuSign	2d ago May 21st, 2025	Sublime Security	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Spoofing Header analysis Sender analysis URL analysis	/feeds/core/detection-rules/brand-impersonation-docusign-4d29235c
Callback phishing via Intuit service abuse	2d ago May 21st, 2025	Sublime Security	Callback Phishing Evasion Free email provider Impersonation: Brand Social engineering Computer Vision Content analysis Header analysis Optical Character Recognition	/feeds/core/detection-rules/callback-phishing-via-intuit-service-abuse-f2fe1294
Link: Multistage Landing - Scribd Document	7d ago May 16th, 2025	Sublime Security	Credential Phishing Evasion Social engineering Impersonation: Brand Free file host URL analysis HTML analysis Natural Language Understanding Computer Vision Optical Character Recognition URL screenshot	/feeds/core/detection-rules/link-multistage-landing-scribd-document-afa9807d
Canva Design With Suspicious Embedded Link	7d ago May 16th, 2025	Sublime Security	Credential Phishing Evasion Social engineering Free file host HTML analysis URL analysis Natural Language Understanding Sender analysis	/feeds/core/detection-rules/canva-design-with-suspicious-embedded-link-02959e22
Corporate Services Impersonation Phishing	7d ago May 16th, 2025	Sublime Security	Credential Phishing Impersonation: Employee Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis	/feeds/core/detection-rules/corporate-services-impersonation-phishing-3cd04f33
ClickFunnels link infrastructure abuse	7d ago May 16th, 2025	Sublime Security	Credential Phishing Free email provider Free subdomain host Social engineering Content analysis Header analysis QR code analysis Sender analysis URL analysis	/feeds/core/detection-rules/clickfunnels-link-infrastructure-abuse-9192fbe9
EML attachment with credential theft language (unknown sender)	7d ago May 16th, 2025	Sublime Security	Credential Phishing Evasion Social engineering Natural Language Understanding Sender analysis Content analysis Header analysis	/feeds/core/detection-rules/eml-attachment-with-credential-theft-language-unknown-sender-00e06af1
Brand Impersonation: Zoom	8d ago May 15th, 2025	Sublime Security	Credential Phishing Impersonation: Brand Social engineering Evasion Computer Vision Content analysis HTML analysis Natural Language Understanding URL analysis	/feeds/core/detection-rules/brand-impersonation-zoom-5abad540
Brand impersonation: Microsoft	8d ago May 15th, 2025	@amitchell516	Credential Phishing Impersonation: Brand Social engineering Content analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-microsoft-6e2f04e6
Vendor Compromise: GovDelivery Message With Suspicious Link	8d ago May 15th, 2025	Sublime Security	Credential Phishing Malware/Ransomware Free subdomain host IPFS Social engineering Evasion Impersonation: Brand Natural Language Understanding URL analysis Whois	/feeds/core/detection-rules/vendor-compromise-govdelivery-message-with-suspicious-link-0d2d5172
Link: Multistage Landing - Ludus Presentation	9d ago May 14th, 2025	Sublime Security	Credential Phishing Evasion Social engineering Impersonation: Brand Header analysis URL analysis Computer Vision URL screenshot Natural Language Understanding Optical Character Recognition Sender analysis	/feeds/core/detection-rules/link-multistage-landing-ludus-presentation-a8b3c311
Link: Scribd Fullscreen Link From Suspicious Sender	9d ago May 14th, 2025	Sublime Security	Credential Phishing Free file host Social engineering Evasion URL analysis Sender analysis	/feeds/core/detection-rules/link-scribd-fullscreen-link-from-suspicious-sender-9e9bc972
Link: Multistage Landing - Published Google Doc	9d ago May 14th, 2025	Sublime Security	Credential Phishing Free file host Social engineering Natural Language Understanding URL analysis Whois	/feeds/core/detection-rules/link-multistage-landing-published-google-doc-031e1ff8
Fake email quarantine notification	9d ago May 14th, 2025	Sublime Security	Credential Phishing Social engineering Content analysis Natural Language Understanding Sender analysis	/feeds/core/detection-rules/fake-email-quarantine-notification-73f26a3d
Brand Impersonation: Meta and Subsidiaries	9d ago May 14th, 2025	Sublime Security	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-meta-and-subsidiaries-e38f1e3b
Brand impersonation: Amazon with suspicious attachment	9d ago May 14th, 2025	Sublime Security	Credential Phishing Impersonation: Brand Social engineering Computer Vision File analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis	/feeds/core/detection-rules/brand-impersonation-amazon-with-suspicious-attachment-5751dcb9
Salesforce Infrastructure Abuse	14d ago May 9th, 2025	Sublime Security	Credential Phishing Evasion Social engineering Content analysis Header analysis Natural Language Understanding URL analysis	/feeds/core/detection-rules/salesforce-infrastructure-abuse-78a77c70
Link: Display Text Matches Subject Line	14d ago May 9th, 2025	Sublime Security	BEC/Fraud Credential Phishing Social engineering Evasion Header analysis Content analysis Natural Language Understanding URL analysis	/feeds/core/detection-rules/link-display-text-matches-subject-line-ba722cf0