Attack Type: Spam

Spam refers to bulk, unsolicited messages, often promoting questionable offers, fake opportunities, or irrelevant content you never asked for. These messages typically ignore basic rules around consent and use shady tactics to sneak past filters, like misspelled words (“W1NNER,” “FREEBlE”) or fake brand names that look close to the real thing (“L0WES,” “C0STC0”).
You’ve probably seen examples: work-from-home schemes with unrealistic pay, miracle health products, SEO pitches warning about your website, or companies pushing “verified” contact lists. Some spam even pretends to be part of an ongoing thread by adding fake “RE:” or “FWD:” subject lines.
Even when the emails look polished or pass authentication checks, they’re often filled with misleading claims, fake urgency, or vague references to prior contact. While not always malicious, spam clutters inboxes, wastes time, and occasionally serves as a delivery method for more serious threats.
Tactics & Techniques (14):
Social engineering
Impersonation: Brand
Free email provider
Free file host
Free subdomain host
Lookalike domain
Evasion
Open redirect
Spoofing
Image as content
Encryption
Exploit
Scripting
PDF
Detection Methods (13):
Content analysis
HTML analysis
Natural Language Understanding
Sender analysis
URL analysis
Header analysis
Optical Character Recognition
Whois
Computer Vision
URL screenshot
File analysis
YARA
Exif analysis
Rule Name & Severity
Last Updated
Author
Types, Tactics & Capabilities
Service abuse: Apple TestFlight with suspicious developer reference
6d ago
Feb 6th, 2026
Sublime Security
Spam
Social engineering
Content analysis
HTML analysis
Natural Language Understanding
Sender analysis
URL analysis
/feeds/core/detection-rules/service-abuse-apple-testflight-with-suspicious-developer-reference-e7ea0ee0
Spam: Commonly observed formatting of unauthorized free giveaways
29d ago
Jan 14th, 2026
Sublime Security
Spam
Impersonation: Brand
Social engineering
Content analysis
HTML analysis
Sender analysis
URL analysis
/feeds/core/detection-rules/spam-commonly-observed-formatting-of-unauthorized-free-giveaways-8bc49fa3
Brand impersonation: SendGrid
1mo ago
Jan 12th, 2026
Sublime Security
BEC/Fraud
Credential Phishing
Spam
Impersonation: Brand
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
/feeds/core/detection-rules/brand-impersonation-sendgrid-d800124f
BEC/Fraud: Urgent language and suspicious sending/infrastructure patterns
1mo ago
Jan 12th, 2026
Sublime Security
BEC/Fraud
Callback Phishing
Spam
Impersonation: Brand
Social engineering
Free email provider
Content analysis
Header analysis
Sender analysis
Whois
/feeds/core/detection-rules/becfraud-urgent-language-and-suspicious-sendinginfrastructure-patterns-ba8a79e0
Suspicious Links to Cloudflare R2 and Edge Services
1mo ago
Jan 12th, 2026
Sublime Security
BEC/Fraud
Callback Phishing
Credential Phishing
Extortion
Malware/Ransomware
Spam
Free file host
Header analysis
Sender analysis
URL analysis
/feeds/core/detection-rules/suspicious-links-to-cloudflare-r2-and-edge-services-5dd3e5c8
Reconnaissance: Email address harvesting attempt
1mo ago
Jan 12th, 2026
Sublime Security
BEC/Fraud
Credential Phishing
Spam
Free email provider
Social engineering
Content analysis
Header analysis
Sender analysis
URL analysis
/feeds/core/detection-rules/reconnaissance-email-address-harvesting-attempt-bb31efbc
Service abuse: Random Google Firebase sender address with suspicious content
1mo ago
Jan 12th, 2026
Sublime Security
Spam
Credential Phishing
Free subdomain host
Social engineering
Content analysis
Header analysis
HTML analysis
Natural Language Understanding
Sender analysis
URL analysis
Whois
/feeds/core/detection-rules/service-abuse-random-google-firebase-sender-address-with-suspicious-content-9f8899a9
Brand impersonation: Hulu
1mo ago
Jan 12th, 2026
Sublime Security
Credential Phishing
Spam
Free email provider
Impersonation: Brand
Lookalike domain
Social engineering
Computer Vision
Header analysis
Sender analysis
/feeds/core/detection-rules/brand-impersonation-hulu-6833de58
Fake thread with suspicious indicators
1mo ago
Jan 12th, 2026
Sublime Security
BEC/Fraud
Credential Phishing
Spam
Evasion
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
/feeds/core/detection-rules/fake-thread-with-suspicious-indicators-c2e18a57
Potential prompt injection attack in body HTML
1mo ago
Jan 12th, 2026
Sublime Security
Callback Phishing
Credential Phishing
Extortion
Malware/Ransomware
Spam
BEC/Fraud
Evasion
Social engineering
Header analysis
HTML analysis
Content analysis
/feeds/core/detection-rules/potential-prompt-injection-attack-in-body-html-5fb24736
Spam: Campaign with excessive display-text and keywords found
1mo ago
Jan 12th, 2026
Sublime Security
Spam
Content analysis
/feeds/core/detection-rules/spam-campaign-with-excessive-display-text-and-keywords-found-140e46a1
Spam: Campaign with excessive space/char obfuscation and free file hosted link
1mo ago
Jan 12th, 2026
Sublime Security
Spam
Free file host
Content analysis
Sender analysis
/feeds/core/detection-rules/spam-campaign-with-excessive-spacechar-obfuscation-and-free-file-hosted-link-122bc0ca
Spam: Default Microsoft Exchange Online sender domain (onmicrosoft.com)
1mo ago
Jan 12th, 2026
Sublime Security
Callback Phishing
Credential Phishing
Spam
Free email provider
Impersonation: Brand
Social engineering
Content analysis
Sender analysis
/feeds/core/detection-rules/spam-default-microsoft-exchange-online-sender-domain-onmicrosoftcom-3f2a64ce
Spam: Single recipient duplicated in cc
1mo ago
Jan 12th, 2026
Sublime Security
Spam
Impersonation: Brand
Social engineering
Header analysis
Content analysis
URL analysis
Sender analysis
/feeds/core/detection-rules/spam-single-recipient-duplicated-in-cc-387cacc9
Spam: URL shortener with short body content and emojis
1mo ago
Jan 12th, 2026
Sublime Security
Spam
Free email provider
Content analysis
Sender analysis
URL analysis
/feeds/core/detection-rules/spam-url-shortener-with-short-body-content-and-emojis-b7797e4c
Suspicious subject with long procedurally generated text blob
1mo ago
Jan 12th, 2026
Sublime Security
Credential Phishing
Spam
Evasion
Content analysis
Sender analysis
/feeds/core/detection-rules/suspicious-subject-with-long-procedurally-generated-text-blob-e819593d
Open redirect: Cartoon Network
1mo ago
Jan 12th, 2026
Sublime Security
Credential Phishing
Spam
Open redirect
Evasion
Content analysis
URL analysis
/feeds/core/detection-rules/open-redirect-cartoon-network-7435e057
Spam: Website errors solicitation
2mo ago
Dec 11th, 2025
Sublime Security
Spam
Content analysis
Sender analysis
Natural Language Understanding
/feeds/core/detection-rules/spam-website-errors-solicitation-122ea794
Spam: Fake dating profile notification
2mo ago
Dec 3rd, 2025
Sublime Security
Spam
Free email provider
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
URL analysis
/feeds/core/detection-rules/spam-fake-dating-profile-notification-0f33fea2
Spam: Firebase password reset from suspicious sender
2mo ago
Dec 2nd, 2025
Sublime Security
Credential Phishing
Spam
Evasion
Social engineering
Header analysis
Sender analysis
URL analysis
/feeds/core/detection-rules/spam-firebase-password-reset-from-suspicious-sender-a2f673a9
Page 1 of 4