- Spoofing
Tactic or Technique: Spoofing
Spoofing is when attackers falsify sender information to make a message look like it came from someone you trust by forging a real email address.
Messages like this often impersonate executives, IT support, or vendors and can lead to stolen credentials, wire fraud, or malware infections. When the source looks trustworthy, you're more likely to follow instructions, click a link, or open a file without hesitation.
Spoofing is especially effective when email authentication protocols like SPF, DKIM, and DMARC aren’t properly enforced. Without those protections, it becomes much easier for attackers to get past both technical filters and human judgment.
Attack Types (4):
Detection Methods (9):
Rule Name & Severity | Last Updated | Author | Types, Tactics & Capabilities | |
|---|---|---|---|---|
Extortion / Sextortion in Attachment From Untrusted Sender | 16d ago Jun 2nd, 2025 UTC | Sublime Security | /feeds/core/detection-rules/extortion-sextortion-in-attachment-from-untrusted-sender-3cb8d32c | |
Extortion / sextortion (untrusted sender) | 16d ago Jun 2nd, 2025 UTC | Sublime Security | /feeds/core/detection-rules/extortion-sextortion-untrusted-sender-265913eb | |
Brand impersonation: DocuSign | 28d ago May 21st, 2025 UTC | Sublime Security | /feeds/core/detection-rules/brand-impersonation-docusign-4d29235c | |
Brand Impersonation: Navan | 2mo ago Apr 4th, 2025 UTC | Sublime Security | /feeds/core/detection-rules/brand-impersonation-navan-3573e9a8 | |
DocuSign Impersonation via Spoofed Intuit Sender | 2mo ago Mar 26th, 2025 UTC | Sublime Security | /feeds/core/detection-rules/docusign-impersonation-via-spoofed-intuit-sender-d437710b | |
Impersonation: SharePoint Reply Header Anomaly | 3mo ago Mar 3rd, 2025 UTC | Sublime Security | /feeds/core/detection-rules/impersonation-sharepoint-reply-header-anomaly-78875848 | |
Cyrillic vowel substitution in subject or display name from unknown sender | 6mo ago Dec 19th, 2024 UTC | Sublime Security | /feeds/core/detection-rules/cyrillic-vowel-substitution-in-subject-or-display-name-from-unknown-sender-74bc0b0c | |
VIP local_part impersonation from unsolicited sender | 7mo ago Nov 20th, 2024 UTC | Sublime Security | /feeds/core/detection-rules/vip-localpart-impersonation-from-unsolicited-sender-74035fdc | |
VIP impersonation: Fake thread with display name match, email mismatch | 10mo ago Jul 29th, 2024 UTC | Sublime Security | /feeds/core/detection-rules/vip-impersonation-fake-thread-with-display-name-match-email-mismatch-11cc3e28 | |
VIP Impersonation via Google Group relay with suspicious indicators | 1y ago May 3rd, 2024 UTC | Sublime Security | /feeds/core/detection-rules/vip-impersonation-via-google-group-relay-with-suspicious-indicators-57f9cd3b | |
Spoofable internal domain with suspicious signals | 1y ago May 3rd, 2024 UTC | Sublime Security | /feeds/core/detection-rules/spoofable-internal-domain-with-suspicious-signals-40089d69 | |
Brand spoof: Dropbox | 1y ago Apr 23rd, 2024 UTC | Sublime Security | /feeds/core/detection-rules/brand-spoof-dropbox-bd99740a | |
Business Email Compromise (BEC) attempt from unsolicited sender | 1y ago Apr 23rd, 2024 UTC | Sublime Security | /feeds/core/detection-rules/business-email-compromise-bec-attempt-from-unsolicited-sender-57eccc45 | |
SPF temp error | 2y ago Aug 21st, 2023 UTC | Sublime Security | /feeds/core/detection-rules/spf-temp-error-2df7e839 |