Sublime Security

Sublime Core Feed
Spoofing
Learn More
Login to Sublime
Attack Types
BEC/Fraud
Callback Phishing
Credential Phishing
Extortion
Malware/Ransomware
Reconnaissance
Spam
Tactics and Techniques
Encryption
Evasion
Exploit
Free email provider
Free file host
Free subdomain host
HTML smuggling
Image as content
Impersonation: Brand
Impersonation: Employee
Impersonation: VIP
IPFS
ISO
LNK
Lookalike domain
Macros
OneNote
Open redirect
Out of band pivot
PDF
Punycode
QR code
Scripting
Social engineering
Spoofing
Detection Methods
Archive analysis
Content analysis
Computer Vision
Exif analysis
File analysis
Header analysis
HTML analysis
Javascript analysis
Macro analysis
Natural Language Understanding
Optical Character Recognition
OLE analysis
PDF analysis
QR code analysis
Sender analysis
Threat intelligence
URL analysis
URL screenshot
Whois
XML analysis
YARA
Tactic or Technique: Spoofing
Spoofing is when attackers falsify sender information to make a message look like it came from someone you trust by forging a real email address.
Messages like this often impersonate executives, IT support, or vendors and can lead to stolen credentials, wire fraud, or malware infections. When the source looks trustworthy, you're more likely to follow instructions, click a link, or open a file without hesitation.
Spoofing is especially effective when email authentication protocols like SPF, DKIM, and DMARC aren’t properly enforced. Without those protections, it becomes much easier for attackers to get past both technical filters and human judgment.
Blog Posts
Talking phish over turkey · Blog · Sublime Security
Adversarial ML: Extortion via LLM Manipulation Tactics · Blog · Sublime Security
Attack Types (5):
Spam
Credential Phishing
BEC/Fraud
Extortion
Malware/Ransomware
Detection Methods (9):
Sender analysis
Header analysis
URL analysis
Content analysis
Natural Language Understanding
Whois
File analysis
Computer Vision
Optical Character Recognition
Rule Name & Severity
Last Updated
Types, Tactics & Capabilities
Sender: IP address in local part
18d ago
Mar 12th, 2026
Sublime Security
Spam
Credential Phishing
BEC/Fraud
Evasion
Spoofing
Sender analysis
Spam
Credential Phishing
BEC/Fraud
Evasion
Spoofing
Sender analysis
Brand impersonation: DocuSign
1mo ago
Feb 24th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Lookalike domain
Social engineering
Spoofing
Header analysis
Sender analysis
URL analysis
Credential Phishing
Impersonation: Brand
Lookalike domain
Social engineering
Spoofing
Header analysis
Sender analysis
URL analysis
Brand impersonation: Survey request with credential theft indicators
1mo ago
Feb 20th, 2026
Sublime Security
Credential Phishing
Social engineering
Impersonation: Brand
Spoofing
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
Credential Phishing
Social engineering
Impersonation: Brand
Spoofing
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
Brand impersonation: Navan
1mo ago
Feb 9th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Social engineering
Spoofing
Sender analysis
Natural Language Understanding
URL analysis
Content analysis
Credential Phishing
Impersonation: Brand
Social engineering
Spoofing
Sender analysis
Natural Language Understanding
URL analysis
Content analysis
Reconnaissance: Empty subject with mismatched reply-to from new sender
1mo ago
Feb 6th, 2026
Sublime Security
BEC/Fraud
Credential Phishing
Evasion
Social engineering
Spoofing
Header analysis
Sender analysis
BEC/Fraud
Credential Phishing
Evasion
Social engineering
Spoofing
Header analysis
Sender analysis
Headers: Fake in-reply-to with wildcard sender and missing thread context
2mo ago
Jan 23rd, 2026
Sublime Security
BEC/Fraud
Credential Phishing
Evasion
Social engineering
Spoofing
Header analysis
Sender analysis
Content analysis
BEC/Fraud
Credential Phishing
Evasion
Social engineering
Spoofing
Header analysis
Sender analysis
Content analysis
Extortion / sextortion (untrusted sender)
2mo ago
Jan 22nd, 2026
Sublime Security
Extortion
Social engineering
Spoofing
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
Extortion
Social engineering
Spoofing
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
Vendor impersonation: Thread hijacking with typosquat domain
2mo ago
Jan 12th, 2026
Sublime Security
BEC/Fraud
Lookalike domain
Social engineering
Spoofing
Content analysis
Natural Language Understanding
Sender analysis
Whois
BEC/Fraud
Lookalike domain
Social engineering
Spoofing
Content analysis
Natural Language Understanding
Sender analysis
Whois
VIP impersonation: Fake thread with display name match, email mismatch
2mo ago
Jan 12th, 2026
Sublime Security
BEC/Fraud
Evasion
Impersonation: VIP
Social engineering
Spoofing
Content analysis
Header analysis
Sender analysis
Whois
BEC/Fraud
Evasion
Impersonation: VIP
Social engineering
Spoofing
Content analysis
Header analysis
Sender analysis
Whois
Service Abuse: Nifty.com with impersonation
2mo ago
Jan 12th, 2026
Sublime Security
Credential Phishing
Spoofing
Sender analysis
Credential Phishing
Spoofing
Sender analysis
Impersonation: SharePoint reply header anomaly
2mo ago
Jan 12th, 2026
Sublime Security
Credential Phishing
Social engineering
Impersonation: Brand
Evasion
Spoofing
Header analysis
Content analysis
Sender analysis
Credential Phishing
Social engineering
Impersonation: Brand
Evasion
Spoofing
Header analysis
Content analysis
Sender analysis
SPF temp error
2mo ago
Jan 12th, 2026
Sublime Security
Spoofing
Header analysis
Spoofing
Header analysis
Headers: System account impersonation with empty sender address
2mo ago
Jan 12th, 2026
Sublime Security
BEC/Fraud
Credential Phishing
Impersonation: Employee
Social engineering
Spoofing
Header analysis
Sender analysis
Natural Language Understanding
BEC/Fraud
Credential Phishing
Impersonation: Employee
Social engineering
Spoofing
Header analysis
Sender analysis
Natural Language Understanding
Brand impersonation: State Farm
3mo ago
Dec 17th, 2025
Sublime Security
Credential Phishing
Impersonation: Brand
Social engineering
Spoofing
Header analysis
Sender analysis
Credential Phishing
Impersonation: Brand
Social engineering
Spoofing
Header analysis
Sender analysis
Body: Embedded email headers indicative of thread hijacking/abuse
3mo ago
Dec 1st, 2025
Sublime Security
Credential Phishing
BEC/Fraud
Spam
Evasion
Social engineering
Spoofing
Content analysis
Header analysis
Sender analysis
Credential Phishing
BEC/Fraud
Spam
Evasion
Social engineering
Spoofing
Content analysis
Header analysis
Sender analysis
VIP Impersonation via Google Group relay with suspicious indicators
4mo ago
Nov 12th, 2025
Sublime Security
BEC/Fraud
Credential Phishing
Malware/Ransomware
Evasion
Free email provider
Impersonation: Employee
Social engineering
Spoofing
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
BEC/Fraud
Credential Phishing
Malware/Ransomware
Evasion
Free email provider
Impersonation: Employee
Social engineering
Spoofing
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
Headers: Outlook Express mailer
4mo ago
Nov 6th, 2025
Sublime Security
BEC/Fraud
Credential Phishing
Malware/Ransomware
Evasion
Spoofing
Header analysis
BEC/Fraud
Credential Phishing
Malware/Ransomware
Evasion
Spoofing
Header analysis
Attachment: ICS calendar with embedded file from internal sender with SPF failure
5mo ago
Oct 22nd, 2025
Sublime Security
Credential Phishing
Spoofing
Evasion
File analysis
Header analysis
Sender analysis
Credential Phishing
Spoofing
Evasion
File analysis
Header analysis
Sender analysis
VIP local_part impersonation from unsolicited sender
7mo ago
Aug 12th, 2025
Sublime Security
Impersonation: VIP
Spoofing
Header analysis
Sender analysis
Impersonation: VIP
Spoofing
Header analysis
Sender analysis
Extortion / sextortion in attachment from untrusted sender
7mo ago
Aug 5th, 2025
Sublime Security
Extortion
Social engineering
Spoofing
Computer Vision
Content analysis
File analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
Extortion
Social engineering
Spoofing
Computer Vision
Content analysis
File analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
Page 1 of 2

Rule Name & Severity	Last Updated	Author	Types, Tactics & Capabilities
Sender: IP address in local part	18d ago Mar 12th, 2026	Sublime Security	Spam Credential Phishing BEC/Fraud Evasion Spoofing Sender analysis
Brand impersonation: DocuSign	1mo ago Feb 24th, 2026	Sublime Security	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Spoofing Header analysis Sender analysis URL analysis
Brand impersonation: Survey request with credential theft indicators	1mo ago Feb 20th, 2026	Sublime Security	Credential Phishing Social engineering Impersonation: Brand Spoofing Content analysis Header analysis Natural Language Understanding Sender analysis
Brand impersonation: Navan	1mo ago Feb 9th, 2026	Sublime Security	Credential Phishing Impersonation: Brand Social engineering Spoofing Sender analysis Natural Language Understanding URL analysis Content analysis
Reconnaissance: Empty subject with mismatched reply-to from new sender	1mo ago Feb 6th, 2026	Sublime Security	BEC/Fraud Credential Phishing Evasion Social engineering Spoofing Header analysis Sender analysis
Headers: Fake in-reply-to with wildcard sender and missing thread context	2mo ago Jan 23rd, 2026	Sublime Security	BEC/Fraud Credential Phishing Evasion Social engineering Spoofing Header analysis Sender analysis Content analysis
Extortion / sextortion (untrusted sender)	2mo ago Jan 22nd, 2026	Sublime Security	Extortion Social engineering Spoofing Content analysis Header analysis Natural Language Understanding Sender analysis
Vendor impersonation: Thread hijacking with typosquat domain	2mo ago Jan 12th, 2026	Sublime Security	BEC/Fraud Lookalike domain Social engineering Spoofing Content analysis Natural Language Understanding Sender analysis Whois
VIP impersonation: Fake thread with display name match, email mismatch	2mo ago Jan 12th, 2026	Sublime Security	BEC/Fraud Evasion Impersonation: VIP Social engineering Spoofing Content analysis Header analysis Sender analysis Whois
Service Abuse: Nifty.com with impersonation	2mo ago Jan 12th, 2026	Sublime Security	Credential Phishing Spoofing Sender analysis
Impersonation: SharePoint reply header anomaly	2mo ago Jan 12th, 2026	Sublime Security	Credential Phishing Social engineering Impersonation: Brand Evasion Spoofing Header analysis Content analysis Sender analysis
SPF temp error	2mo ago Jan 12th, 2026	Sublime Security	Spoofing Header analysis
Headers: System account impersonation with empty sender address	2mo ago Jan 12th, 2026	Sublime Security	BEC/Fraud Credential Phishing Impersonation: Employee Social engineering Spoofing Header analysis Sender analysis Natural Language Understanding
Brand impersonation: State Farm	3mo ago Dec 17th, 2025	Sublime Security	Credential Phishing Impersonation: Brand Social engineering Spoofing Header analysis Sender analysis
Body: Embedded email headers indicative of thread hijacking/abuse	3mo ago Dec 1st, 2025	Sublime Security	Credential Phishing BEC/Fraud Spam Evasion Social engineering Spoofing Content analysis Header analysis Sender analysis
VIP Impersonation via Google Group relay with suspicious indicators	4mo ago Nov 12th, 2025	Sublime Security	BEC/Fraud Credential Phishing Malware/Ransomware Evasion Free email provider Impersonation: Employee Social engineering Spoofing Content analysis Header analysis Natural Language Understanding Sender analysis
Headers: Outlook Express mailer	4mo ago Nov 6th, 2025	Sublime Security	BEC/Fraud Credential Phishing Malware/Ransomware Evasion Spoofing Header analysis
Attachment: ICS calendar with embedded file from internal sender with SPF failure	5mo ago Oct 22nd, 2025	Sublime Security	Credential Phishing Spoofing Evasion File analysis Header analysis Sender analysis
VIP local_part impersonation from unsolicited sender	7mo ago Aug 12th, 2025	Sublime Security	Impersonation: VIP Spoofing Header analysis Sender analysis
Extortion / sextortion in attachment from untrusted sender	7mo ago Aug 5th, 2025	Sublime Security	Extortion Social engineering Spoofing Computer Vision Content analysis File analysis Natural Language Understanding Optical Character Recognition Sender analysis