Tactic or Technique: Spoofing

Spoofing is when attackers falsify sender information to make a message look like it came from someone you trust by forging a real email address.
Messages like this often impersonate executives, IT support, or vendors and can lead to stolen credentials, wire fraud, or malware infections. When the source looks trustworthy, you're more likely to follow instructions, click a link, or open a file without hesitation.
Spoofing is especially effective when email authentication protocols like SPF, DKIM, and DMARC aren’t properly enforced. Without those protections, it becomes much easier for attackers to get past both technical filters and human judgment.
Rule Name & Severity
Last Updated
Author
Types, Tactics & Capabilities
VIP impersonation: Fake thread with VIPs missing email metadata
3d ago
Jul 13th, 2026
Sublime Security
Impersonation: Employee name in subject with suspicious sender
6d ago
Jul 10th, 2026
Sublime Security
Service abuse: Facebook mail notification callback scam
7d ago
Jul 9th, 2026
Sublime Security
VIP impersonation: VIP name within a delimited subject with fake previous threads
8d ago
Jul 8th, 2026
Sublime Security
VIP impersonation: Fabricated thread history with fake VIP recipients
8d ago
Jul 8th, 2026
Sublime Security
Link: Suspicious wp-admin path from mismatched sender domain
17d ago
Jun 29th, 2026
Sublime Security
BEC: Financial fraud from newly registered sender domain
21d ago
Jun 25th, 2026
Sublime Security
Body: Fake secure email portal with HTML obfuscation
28d ago
Jun 18th, 2026
Sublime Security
Brand impersonation: Bids & Tenders
29d ago
Jun 17th, 2026
Sublime Security
Brand impersonation: Survey request with credential theft indicators
29d ago
Jun 17th, 2026
Sublime Security
VIP Impersonation via Google Group relay with suspicious indicators
1mo ago
Jun 5th, 2026
Sublime Security
Service abuse: PayPal manager account creation with callback scam indicators
1mo ago
Jun 2nd, 2026
Sublime Security
Brand impersonation: DocuSign
1mo ago
Jun 1st, 2026
Sublime Security
Headers: X-Source-Auth mismatch with mismatched reply-to domain
1mo ago
May 21st, 2026
Sublime Security
Extortion / sextortion (untrusted sender)
1mo ago
May 20th, 2026
Sublime Security
Link: BEC with newly registered domains and financial keywords
2mo ago
May 1st, 2026
Sublime Security
Attachment: ICS calendar with embedded file from internal sender with SPF failure
2mo ago
Apr 28th, 2026
Sublime Security
Headers: Self-sender using Microsoft CompAuth bypass with credential theft content
2mo ago
Apr 27th, 2026
Sublime Security
Body: Suspicious date format
2mo ago
Apr 22nd, 2026
Sublime Security
Attachment: PDF with credential theft language and invalid reply-to domain
3mo ago
Apr 10th, 2026
Sublime Security