Tactic or Technique: Social engineering

Social engineering targets people instead of systems. Attackers use persuasion, pressure, or emotional cues to get you to act quickly and bypass security tools without realizing it.
Messages often create urgency, mimic authority figures, or feel familiar enough to lower your guard. An attacker might pose as your manager asking for a quick favor, reference a recent company event, or claim your account is about to be locked. These tricks are designed to feel legitimate and get you to respond without verifying the request.
Common approaches include pretexting, where attackers invent a believable scenario; baiting, where they offer something enticing; or quid pro quo, where they offer help in exchange for access. Even a single successful interaction can lead to broader compromise, including data theft, ransomware, or a full network breach.
Blog Posts
Credential phishing Charles Schwab account holders with 2FA bypass · Blog · Sublime Security
Credential phishing Charles Schwab account holders with 2FA bypass · Blog · Sublime Security
Hiding a $50,000 BEC financial fraud in a fake email thread · Blog · Sublime Security
Hiding a $50,000 BEC financial fraud in a fake email thread · Blog · Sublime Security
Callback phishing via invoice abuse and distribution list relays · Blog · Sublime Security
Callback phishing via invoice abuse and distribution list relays · Blog · Sublime Security
Talking phish over turkey · Blog · Sublime Security
Talking phish over turkey · Blog · Sublime Security
Hidden credential phishing within EML attachments · Blog · Sublime Security
Hidden credential phishing within EML attachments · Blog · Sublime Security
Living Off the Land: Credential Phishing via Docusign abuse · Blog · Sublime Security
Living Off the Land: Credential Phishing via Docusign abuse · Blog · Sublime Security
Living Off the Land: Callback Phishing via Docusign comment · Blog · Sublime Security
Living Off the Land: Callback Phishing via Docusign comment · Blog · Sublime Security
Adversarial ML: Extortion via LLM Manipulation Tactics · Blog · Sublime Security
Adversarial ML: Extortion via LLM Manipulation Tactics · Blog · Sublime Security
Fake invoice used to conduct $16,800 BEC attempt · Blog · Sublime Security
Fake invoice used to conduct $16,800 BEC attempt · Blog · Sublime Security
Gotta Catch 'Em All: Detecting PikaBot Delivery Techniques · Blog · Sublime Security
Gotta Catch 'Em All: Detecting PikaBot Delivery Techniques · Blog · Sublime Security
Attack Types (6):
Credential Phishing
Malware/Ransomware
BEC/Fraud
Spam
Callback Phishing
Extortion
Detection Methods (19):
Content analysis
Header analysis
URL analysis
Computer Vision
Natural Language Understanding
Sender analysis
File analysis
Whois
URL screenshot
HTML analysis
Javascript analysis
Exif analysis
Optical Character Recognition
QR code analysis
Archive analysis
YARA
Macro analysis
OLE analysis
Threat intelligence
Rule Name & Severity
Last Updated
Author
Types, Tactics & Capabilities
Brand impersonation: Google Drive fake file share
6h ago
Dec 4th, 2025
Sublime Security
Credential Phishing
Malware/Ransomware
Impersonation: Brand
Social engineering
Content analysis
Header analysis
URL analysis
Computer Vision
/feeds/core/detection-rules/brand-impersonation-google-drive-fake-file-share-b424a941
Service abuse: Sendgrid credential theft with personalized request targeting single recipient
7h ago
Dec 4th, 2025
Sublime Security
Credential Phishing
Social engineering
Header analysis
Natural Language Understanding
Sender analysis
Content analysis
/feeds/core/detection-rules/service-abuse-sendgrid-credential-theft-with-personalized-request-targeting-single-recipient-b9680da1
Fake voicemail notification (untrusted sender)
11h ago
Dec 4th, 2025
Sublime Security
Credential Phishing
Social engineering
Content analysis
Natural Language Understanding
Sender analysis
URL analysis
/feeds/core/detection-rules/fake-voicemail-notification-untrusted-sender-74ba7787
Attachment: PDF with personal Microsoft OneNote URL
11h ago
Dec 4th, 2025
Sublime Security
Credential Phishing
PDF
Social engineering
File analysis
Content analysis
/feeds/core/detection-rules/attachment-pdf-with-personal-microsoft-onenote-url-0675bbc5
Fraudulent order confirmation/shipping notification from Chinese sender domain
2d ago
Dec 3rd, 2025
Sublime Security
BEC/Fraud
Social engineering
Content analysis
Natural Language Understanding
Sender analysis
Whois
/feeds/core/detection-rules/fraudulent-order-confirmationshipping-notification-from-chinese-sender-domain-4392a14e
Link: HR impersonation with suspicious domain indicators and credential theft
2d ago
Dec 3rd, 2025
Sublime Security
Credential Phishing
Impersonation: Employee
Social engineering
Lookalike domain
Content analysis
Natural Language Understanding
Computer Vision
URL analysis
URL screenshot
/feeds/core/detection-rules/link-hr-impersonation-with-suspicious-domain-indicators-and-credential-theft-f31f8831
Spam: Fake dating profile notification
2d ago
Dec 3rd, 2025
Sublime Security
Spam
Free email provider
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
URL analysis
/feeds/core/detection-rules/spam-fake-dating-profile-notification-0f33fea2
Service abuse: Roomsy with unrelated body content
3d ago
Dec 2nd, 2025
Sublime Security
BEC/Fraud
Credential Phishing
Impersonation: Brand
Social engineering
Header analysis
Sender analysis
Natural Language Understanding
/feeds/core/detection-rules/service-abuse-roomsy-with-unrelated-body-content-18e08a5a
Service abuse: Suspicious Zoom Docs link
3d ago
Dec 2nd, 2025
Sublime Security
Credential Phishing
Social engineering
Free file host
Evasion
HTML analysis
Sender analysis
Header analysis
/feeds/core/detection-rules/service-abuse-suspicious-zoom-docs-link-064b2594
Spam: Firebase password reset from suspicious sender
3d ago
Dec 2nd, 2025
Sublime Security
Credential Phishing
Spam
Evasion
Social engineering
Header analysis
Sender analysis
URL analysis
/feeds/core/detection-rules/spam-firebase-password-reset-from-suspicious-sender-a2f673a9
Link: URL scheme obfuscation via split HTML anchors
3d ago
Dec 2nd, 2025
Sublime Security
Credential Phishing
BEC/Fraud
Evasion
Social engineering
Content analysis
HTML analysis
URL analysis
/feeds/core/detection-rules/link-url-scheme-obfuscation-via-split-html-anchors-10375948
Brand impersonation: Google Workspace alert notification
3d ago
Dec 2nd, 2025
Sublime Security
Credential Phishing
Impersonation: Brand
Social engineering
Lookalike domain
Header analysis
Content analysis
Sender analysis
URL analysis
/feeds/core/detection-rules/brand-impersonation-google-workspace-alert-notification-143ffbc4
Brand impersonation: Purdue ePlanroom with suspicious links
3d ago
Dec 2nd, 2025
Sublime Security
Credential Phishing
BEC/Fraud
Impersonation: Brand
Social engineering
Content analysis
Sender analysis
URL analysis
/feeds/core/detection-rules/brand-impersonation-purdue-eplanroom-with-suspicious-links-4db5b0b6
Credential phishing: Generic document sharing
3d ago
Dec 2nd, 2025
Sublime Security
Credential Phishing
BEC/Fraud
Social engineering
Evasion
Impersonation: Employee
Content analysis
Natural Language Understanding
URL analysis
Sender analysis
/feeds/core/detection-rules/credential-phishing-generic-document-sharing-9f0e1d2c
Brand impersonation: United Healthcare
3d ago
Dec 2nd, 2025
Sublime Security
Credential Phishing
Impersonation: Brand
Social engineering
Header analysis
Sender analysis
/feeds/core/detection-rules/brand-impersonation-united-healthcare-f8dfff1a
Reconnaissance: Short generic greeting message
3d ago
Dec 2nd, 2025
Sublime Security
BEC/Fraud
Callback Phishing
Social engineering
Free email provider
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
/feeds/core/detection-rules/reconnaissance-short-generic-greeting-message-c67dedab
Suspicious invoice reference with missing or image-only attachments
3d ago
Dec 2nd, 2025
Sublime Security
Credential Phishing
Social engineering
Content analysis
Computer Vision
File analysis
Natural Language Understanding
Sender analysis
/feeds/core/detection-rules/suspicious-invoice-reference-with-missing-or-image-only-attachments-466c1680
Link abuse: Self-service creation platform link with suspicious recipient behavior
3d ago
Dec 2nd, 2025
Sublime Security
BEC/Fraud
Credential Phishing
Spam
Free email provider
Social engineering
Header analysis
Sender analysis
URL analysis
/feeds/core/detection-rules/link-abuse-self-service-creation-platform-link-with-suspicious-recipient-behavior-384ad135
Impersonation: Social Security Administration (SSA)
3d ago
Dec 2nd, 2025
Sublime Security
BEC/Fraud
Credential Phishing
Impersonation: Brand
Social engineering
Content analysis
Sender analysis
URL analysis
/feeds/core/detection-rules/impersonation-social-security-administration-ssa-6196767e
Brand impersonation: Sharepoint fake file share
3d ago
Dec 2nd, 2025
Sublime Security
Credential Phishing
Malware/Ransomware
Impersonation: Brand
Social engineering
Content analysis
Header analysis
URL analysis
Computer Vision
/feeds/core/detection-rules/brand-impersonation-sharepoint-fake-file-share-ff8b296b
Page 1 of 22