Sublime Security

Sublime Core Feed
Spoofing
Learn More
Login to Sublime
Attack Types
BEC/Fraud
Callback Phishing
Credential Phishing
Extortion
Malware/Ransomware
Reconnaissance
Spam
Tactics and Techniques
Encryption
Evasion
Exploit
Free email provider
Free file host
Free subdomain host
HTML smuggling
ICS Phishing
Image as content
Impersonation: Brand
Impersonation: Employee
Impersonation: VIP
IPFS
ISO
LNK
Lookalike domain
Macros
OneNote
Open redirect
Out of band pivot
PDF
Punycode
QR code
Scripting
Social engineering
Spoofing
Detection Methods
Archive analysis
Content analysis
Computer Vision
Exif analysis
File analysis
Header analysis
HTML analysis
Javascript analysis
Macro analysis
Natural Language Understanding
Optical Character Recognition
OLE analysis
PDF analysis
QR code analysis
Sender analysis
Threat intelligence
URL analysis
URL screenshot
Whois
XML analysis
YARA
Tactic or Technique: Spoofing
Spoofing is when attackers falsify sender information to make a message look like it came from someone you trust by forging a real email address.
Messages like this often impersonate executives, IT support, or vendors and can lead to stolen credentials, wire fraud, or malware infections. When the source looks trustworthy, you're more likely to follow instructions, click a link, or open a file without hesitation.
Spoofing is especially effective when email authentication protocols like SPF, DKIM, and DMARC aren’t properly enforced. Without those protections, it becomes much easier for attackers to get past both technical filters and human judgment.
Blog Posts
Talking phish over turkey · Blog · Sublime Security
Adversarial ML: Extortion via LLM Manipulation Tactics · Blog · Sublime Security
Attack Types (6):
Credential Phishing
BEC/Fraud
Malware/Ransomware
Callback Phishing
Extortion
Spam
Detection Methods (11):
Content analysis
HTML analysis
URL analysis
Sender analysis
Threat intelligence
Header analysis
Natural Language Understanding
File analysis
Whois
Computer Vision
Optical Character Recognition
Rule Name & Severity
Last Updated
Types, Tactics & Capabilities
Body: Fake secure email portal with HTML obfuscation
5d ago
Jun 18th, 2026
Sublime Security
Credential Phishing
Evasion
Social engineering
Spoofing
Content analysis
HTML analysis
URL analysis
Sender analysis
Threat intelligence
Credential Phishing
Evasion
Social engineering
Spoofing
Content analysis
HTML analysis
URL analysis
Sender analysis
Threat intelligence
Brand impersonation: Bids & Tenders
6d ago
Jun 17th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Spoofing
Social engineering
Sender analysis
URL analysis
Content analysis
Credential Phishing
Impersonation: Brand
Spoofing
Social engineering
Sender analysis
URL analysis
Content analysis
Brand impersonation: Survey request with credential theft indicators
6d ago
Jun 17th, 2026
Sublime Security
Credential Phishing
Social engineering
Impersonation: Brand
Spoofing
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
Credential Phishing
Social engineering
Impersonation: Brand
Spoofing
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
VIP Impersonation via Google Group relay with suspicious indicators
18d ago
Jun 5th, 2026
Sublime Security
BEC/Fraud
Credential Phishing
Malware/Ransomware
Evasion
Free email provider
Impersonation: Employee
Social engineering
Spoofing
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
BEC/Fraud
Credential Phishing
Malware/Ransomware
Evasion
Free email provider
Impersonation: Employee
Social engineering
Spoofing
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
Service abuse: PayPal manager account creation with callback scam indicators
21d ago
Jun 2nd, 2026
Sublime Security
Callback Phishing
Credential Phishing
Impersonation: Brand
Social engineering
Spoofing
Sender analysis
Content analysis
Natural Language Understanding
Callback Phishing
Credential Phishing
Impersonation: Brand
Social engineering
Spoofing
Sender analysis
Content analysis
Natural Language Understanding
Brand impersonation: DocuSign
22d ago
Jun 1st, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Lookalike domain
Social engineering
Spoofing
Header analysis
Sender analysis
URL analysis
Credential Phishing
Impersonation: Brand
Lookalike domain
Social engineering
Spoofing
Header analysis
Sender analysis
URL analysis
Headers: X-Source-Auth mismatch with mismatched reply-to domain
1mo ago
May 21st, 2026
Sublime Security
BEC/Fraud
Social engineering
Spoofing
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
BEC/Fraud
Social engineering
Spoofing
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
Extortion / sextortion (untrusted sender)
1mo ago
May 20th, 2026
Sublime Security
Extortion
Social engineering
Spoofing
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
Extortion
Social engineering
Spoofing
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
Link: BEC with newly registered domains and financial keywords
1mo ago
May 1st, 2026
Sublime Security
BEC/Fraud
Social engineering
Evasion
Spoofing
Header analysis
Sender analysis
URL analysis
BEC/Fraud
Social engineering
Evasion
Spoofing
Header analysis
Sender analysis
URL analysis
Attachment: ICS calendar with embedded file from internal sender with SPF failure
1mo ago
Apr 28th, 2026
Sublime Security
Credential Phishing
Spoofing
Evasion
ICS Phishing
File analysis
Header analysis
Sender analysis
Credential Phishing
Spoofing
Evasion
ICS Phishing
File analysis
Header analysis
Sender analysis
Headers: Self-sender using Microsoft CompAuth bypass with credential theft content
1mo ago
Apr 27th, 2026
Sublime Security
Credential Phishing
Spoofing
Evasion
Natural Language Understanding
Header analysis
Sender analysis
Credential Phishing
Spoofing
Evasion
Natural Language Understanding
Header analysis
Sender analysis
Body: Suspicious date format
2mo ago
Apr 22nd, 2026
Sublime Security
Credential Phishing
Evasion
Spoofing
Social engineering
Content analysis
Credential Phishing
Evasion
Spoofing
Social engineering
Content analysis
Attachment: PDF with credential theft language and invalid reply-to domain
2mo ago
Apr 10th, 2026
Sublime Security
Credential Phishing
PDF
Social engineering
Spoofing
File analysis
Header analysis
Natural Language Understanding
Content analysis
Credential Phishing
PDF
Social engineering
Spoofing
File analysis
Header analysis
Natural Language Understanding
Content analysis
VIP impersonation: Fake thread with display name match, email mismatch
2mo ago
Apr 3rd, 2026
Sublime Security
BEC/Fraud
Evasion
Impersonation: VIP
Social engineering
Spoofing
Content analysis
Header analysis
Sender analysis
Whois
BEC/Fraud
Evasion
Impersonation: VIP
Social engineering
Spoofing
Content analysis
Header analysis
Sender analysis
Whois
Sender: IP address in local part
3mo ago
Mar 12th, 2026
Sublime Security
Spam
Credential Phishing
BEC/Fraud
Evasion
Spoofing
Sender analysis
Spam
Credential Phishing
BEC/Fraud
Evasion
Spoofing
Sender analysis
Brand impersonation: Navan
4mo ago
Feb 9th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Social engineering
Spoofing
Sender analysis
Natural Language Understanding
URL analysis
Content analysis
Credential Phishing
Impersonation: Brand
Social engineering
Spoofing
Sender analysis
Natural Language Understanding
URL analysis
Content analysis
Reconnaissance: Empty subject with mismatched reply-to from new sender
4mo ago
Feb 6th, 2026
Sublime Security
BEC/Fraud
Credential Phishing
Evasion
Social engineering
Spoofing
Header analysis
Sender analysis
BEC/Fraud
Credential Phishing
Evasion
Social engineering
Spoofing
Header analysis
Sender analysis
Headers: Fake in-reply-to with wildcard sender and missing thread context
5mo ago
Jan 23rd, 2026
Sublime Security
BEC/Fraud
Credential Phishing
Evasion
Social engineering
Spoofing
Header analysis
Sender analysis
Content analysis
BEC/Fraud
Credential Phishing
Evasion
Social engineering
Spoofing
Header analysis
Sender analysis
Content analysis
Vendor impersonation: Thread hijacking with typosquat domain
5mo ago
Jan 12th, 2026
Sublime Security
BEC/Fraud
Lookalike domain
Social engineering
Spoofing
Content analysis
Natural Language Understanding
Sender analysis
Whois
BEC/Fraud
Lookalike domain
Social engineering
Spoofing
Content analysis
Natural Language Understanding
Sender analysis
Whois
SPF temp error
5mo ago
Jan 12th, 2026
Sublime Security
Spoofing
Header analysis
Spoofing
Header analysis
Page 1 of 2

Rule Name & Severity	Last Updated	Author	Types, Tactics & Capabilities
Body: Fake secure email portal with HTML obfuscation	5d ago Jun 18th, 2026	Sublime Security	Credential Phishing Evasion Social engineering Spoofing Content analysis HTML analysis URL analysis Sender analysis Threat intelligence
Brand impersonation: Bids & Tenders	6d ago Jun 17th, 2026	Sublime Security	Credential Phishing Impersonation: Brand Spoofing Social engineering Sender analysis URL analysis Content analysis
Brand impersonation: Survey request with credential theft indicators	6d ago Jun 17th, 2026	Sublime Security	Credential Phishing Social engineering Impersonation: Brand Spoofing Content analysis Header analysis Natural Language Understanding Sender analysis
VIP Impersonation via Google Group relay with suspicious indicators	18d ago Jun 5th, 2026	Sublime Security	BEC/Fraud Credential Phishing Malware/Ransomware Evasion Free email provider Impersonation: Employee Social engineering Spoofing Content analysis Header analysis Natural Language Understanding Sender analysis
Service abuse: PayPal manager account creation with callback scam indicators	21d ago Jun 2nd, 2026	Sublime Security	Callback Phishing Credential Phishing Impersonation: Brand Social engineering Spoofing Sender analysis Content analysis Natural Language Understanding
Brand impersonation: DocuSign	22d ago Jun 1st, 2026	Sublime Security	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Spoofing Header analysis Sender analysis URL analysis
Headers: X-Source-Auth mismatch with mismatched reply-to domain	1mo ago May 21st, 2026	Sublime Security	BEC/Fraud Social engineering Spoofing Content analysis Header analysis Natural Language Understanding Sender analysis
Extortion / sextortion (untrusted sender)	1mo ago May 20th, 2026	Sublime Security	Extortion Social engineering Spoofing Content analysis Header analysis Natural Language Understanding Sender analysis
Link: BEC with newly registered domains and financial keywords	1mo ago May 1st, 2026	Sublime Security	BEC/Fraud Social engineering Evasion Spoofing Header analysis Sender analysis URL analysis
Attachment: ICS calendar with embedded file from internal sender with SPF failure	1mo ago Apr 28th, 2026	Sublime Security	Credential Phishing Spoofing Evasion ICS Phishing File analysis Header analysis Sender analysis
Headers: Self-sender using Microsoft CompAuth bypass with credential theft content	1mo ago Apr 27th, 2026	Sublime Security	Credential Phishing Spoofing Evasion Natural Language Understanding Header analysis Sender analysis
Body: Suspicious date format	2mo ago Apr 22nd, 2026	Sublime Security	Credential Phishing Evasion Spoofing Social engineering Content analysis
Attachment: PDF with credential theft language and invalid reply-to domain	2mo ago Apr 10th, 2026	Sublime Security	Credential Phishing PDF Social engineering Spoofing File analysis Header analysis Natural Language Understanding Content analysis
VIP impersonation: Fake thread with display name match, email mismatch	2mo ago Apr 3rd, 2026	Sublime Security	BEC/Fraud Evasion Impersonation: VIP Social engineering Spoofing Content analysis Header analysis Sender analysis Whois
Sender: IP address in local part	3mo ago Mar 12th, 2026	Sublime Security	Spam Credential Phishing BEC/Fraud Evasion Spoofing Sender analysis
Brand impersonation: Navan	4mo ago Feb 9th, 2026	Sublime Security	Credential Phishing Impersonation: Brand Social engineering Spoofing Sender analysis Natural Language Understanding URL analysis Content analysis
Reconnaissance: Empty subject with mismatched reply-to from new sender	4mo ago Feb 6th, 2026	Sublime Security	BEC/Fraud Credential Phishing Evasion Social engineering Spoofing Header analysis Sender analysis
Headers: Fake in-reply-to with wildcard sender and missing thread context	5mo ago Jan 23rd, 2026	Sublime Security	BEC/Fraud Credential Phishing Evasion Social engineering Spoofing Header analysis Sender analysis Content analysis
Vendor impersonation: Thread hijacking with typosquat domain	5mo ago Jan 12th, 2026	Sublime Security	BEC/Fraud Lookalike domain Social engineering Spoofing Content analysis Natural Language Understanding Sender analysis Whois
SPF temp error	5mo ago Jan 12th, 2026	Sublime Security	Spoofing Header analysis