Sublime Security

Sublime Core Feed
Spoofing
Learn More
Login to Sublime
Attack Types
BEC/Fraud
Callback Phishing
Credential Phishing
Extortion
Malware/Ransomware
Reconnaissance
Spam
Tactics and Techniques
Encryption
Evasion
Exploit
Free email provider
Free file host
Free subdomain host
HTML smuggling
ICS Phishing
Image as content
Impersonation: Brand
Impersonation: Employee
Impersonation: VIP
IPFS
ISO
LNK
Lookalike domain
Macros
OneNote
Open redirect
Out of band pivot
PDF
Punycode
QR code
Scripting
Social engineering
Spoofing
Detection Methods
Archive analysis
Content analysis
Computer Vision
Exif analysis
File analysis
Header analysis
HTML analysis
Javascript analysis
Macro analysis
Natural Language Understanding
Optical Character Recognition
OLE analysis
PDF analysis
QR code analysis
Sender analysis
Threat intelligence
URL analysis
URL screenshot
Whois
XML analysis
YARA
Tactic or Technique: Spoofing
Spoofing is when attackers falsify sender information to make a message look like it came from someone you trust by forging a real email address.
Messages like this often impersonate executives, IT support, or vendors and can lead to stolen credentials, wire fraud, or malware infections. When the source looks trustworthy, you're more likely to follow instructions, click a link, or open a file without hesitation.
Spoofing is especially effective when email authentication protocols like SPF, DKIM, and DMARC aren’t properly enforced. Without those protections, it becomes much easier for attackers to get past both technical filters and human judgment.
Blog Posts
Talking phish over turkey · Blog · Sublime Security
Adversarial ML: Extortion via LLM Manipulation Tactics · Blog · Sublime Security
Attack Types (5):
Credential Phishing
BEC/Fraud
Extortion
Spam
Malware/Ransomware
Detection Methods (9):
Header analysis
Sender analysis
URL analysis
Content analysis
Natural Language Understanding
File analysis
Whois
Computer Vision
Optical Character Recognition
Rule Name & Severity
Last Updated
Types, Tactics & Capabilities
Brand impersonation: DocuSign
19h ago
Jun 1st, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Lookalike domain
Social engineering
Spoofing
Header analysis
Sender analysis
URL analysis
Credential Phishing
Impersonation: Brand
Lookalike domain
Social engineering
Spoofing
Header analysis
Sender analysis
URL analysis
Headers: X-Source-Auth mismatch with mismatched reply-to domain
12d ago
May 21st, 2026
Sublime Security
BEC/Fraud
Social engineering
Spoofing
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
BEC/Fraud
Social engineering
Spoofing
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
Extortion / sextortion (untrusted sender)
13d ago
May 20th, 2026
Sublime Security
Extortion
Social engineering
Spoofing
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
Extortion
Social engineering
Spoofing
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
Link: BEC with newly registered domains and financial keywords
1mo ago
May 1st, 2026
Sublime Security
BEC/Fraud
Social engineering
Evasion
Spoofing
Header analysis
Sender analysis
URL analysis
BEC/Fraud
Social engineering
Evasion
Spoofing
Header analysis
Sender analysis
URL analysis
Attachment: ICS calendar with embedded file from internal sender with SPF failure
1mo ago
Apr 28th, 2026
Sublime Security
Credential Phishing
Spoofing
Evasion
ICS Phishing
File analysis
Header analysis
Sender analysis
Credential Phishing
Spoofing
Evasion
ICS Phishing
File analysis
Header analysis
Sender analysis
Headers: Self-sender using Microsoft CompAuth bypass with credential theft content
1mo ago
Apr 27th, 2026
Sublime Security
Credential Phishing
Spoofing
Evasion
Natural Language Understanding
Header analysis
Sender analysis
Credential Phishing
Spoofing
Evasion
Natural Language Understanding
Header analysis
Sender analysis
Body: Suspicious date format
1mo ago
Apr 22nd, 2026
Sublime Security
Credential Phishing
Evasion
Spoofing
Social engineering
Content analysis
Credential Phishing
Evasion
Spoofing
Social engineering
Content analysis
Attachment: PDF with credential theft language and invalid reply-to domain
1mo ago
Apr 10th, 2026
Sublime Security
Credential Phishing
PDF
Social engineering
Spoofing
File analysis
Header analysis
Natural Language Understanding
Content analysis
Credential Phishing
PDF
Social engineering
Spoofing
File analysis
Header analysis
Natural Language Understanding
Content analysis
VIP impersonation: Fake thread with display name match, email mismatch
1mo ago
Apr 3rd, 2026
Sublime Security
BEC/Fraud
Evasion
Impersonation: VIP
Social engineering
Spoofing
Content analysis
Header analysis
Sender analysis
Whois
BEC/Fraud
Evasion
Impersonation: VIP
Social engineering
Spoofing
Content analysis
Header analysis
Sender analysis
Whois
Sender: IP address in local part
2mo ago
Mar 12th, 2026
Sublime Security
Spam
Credential Phishing
BEC/Fraud
Evasion
Spoofing
Sender analysis
Spam
Credential Phishing
BEC/Fraud
Evasion
Spoofing
Sender analysis
Brand impersonation: Survey request with credential theft indicators
3mo ago
Feb 20th, 2026
Sublime Security
Credential Phishing
Social engineering
Impersonation: Brand
Spoofing
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
Credential Phishing
Social engineering
Impersonation: Brand
Spoofing
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
Brand impersonation: Navan
3mo ago
Feb 9th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Social engineering
Spoofing
Sender analysis
Natural Language Understanding
URL analysis
Content analysis
Credential Phishing
Impersonation: Brand
Social engineering
Spoofing
Sender analysis
Natural Language Understanding
URL analysis
Content analysis
Reconnaissance: Empty subject with mismatched reply-to from new sender
3mo ago
Feb 6th, 2026
Sublime Security
BEC/Fraud
Credential Phishing
Evasion
Social engineering
Spoofing
Header analysis
Sender analysis
BEC/Fraud
Credential Phishing
Evasion
Social engineering
Spoofing
Header analysis
Sender analysis
Headers: Fake in-reply-to with wildcard sender and missing thread context
4mo ago
Jan 23rd, 2026
Sublime Security
BEC/Fraud
Credential Phishing
Evasion
Social engineering
Spoofing
Header analysis
Sender analysis
Content analysis
BEC/Fraud
Credential Phishing
Evasion
Social engineering
Spoofing
Header analysis
Sender analysis
Content analysis
Vendor impersonation: Thread hijacking with typosquat domain
4mo ago
Jan 12th, 2026
Sublime Security
BEC/Fraud
Lookalike domain
Social engineering
Spoofing
Content analysis
Natural Language Understanding
Sender analysis
Whois
BEC/Fraud
Lookalike domain
Social engineering
Spoofing
Content analysis
Natural Language Understanding
Sender analysis
Whois
SPF temp error
4mo ago
Jan 12th, 2026
Sublime Security
Spoofing
Header analysis
Spoofing
Header analysis
Service Abuse: Nifty.com with impersonation
4mo ago
Jan 12th, 2026
Sublime Security
Credential Phishing
Spoofing
Sender analysis
Credential Phishing
Spoofing
Sender analysis
Headers: System account impersonation with empty sender address
4mo ago
Jan 12th, 2026
Sublime Security
BEC/Fraud
Credential Phishing
Impersonation: Employee
Social engineering
Spoofing
Header analysis
Sender analysis
Natural Language Understanding
BEC/Fraud
Credential Phishing
Impersonation: Employee
Social engineering
Spoofing
Header analysis
Sender analysis
Natural Language Understanding
Impersonation: SharePoint reply header anomaly
4mo ago
Jan 12th, 2026
Sublime Security
Credential Phishing
Social engineering
Impersonation: Brand
Evasion
Spoofing
Header analysis
Content analysis
Sender analysis
Credential Phishing
Social engineering
Impersonation: Brand
Evasion
Spoofing
Header analysis
Content analysis
Sender analysis
Brand impersonation: State Farm
5mo ago
Dec 17th, 2025
Sublime Security
Credential Phishing
Impersonation: Brand
Social engineering
Spoofing
Header analysis
Sender analysis
Credential Phishing
Impersonation: Brand
Social engineering
Spoofing
Header analysis
Sender analysis
Page 1 of 2

Rule Name & Severity	Last Updated	Author	Types, Tactics & Capabilities
Brand impersonation: DocuSign	19h ago Jun 1st, 2026	Sublime Security	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Spoofing Header analysis Sender analysis URL analysis
Headers: X-Source-Auth mismatch with mismatched reply-to domain	12d ago May 21st, 2026	Sublime Security	BEC/Fraud Social engineering Spoofing Content analysis Header analysis Natural Language Understanding Sender analysis
Extortion / sextortion (untrusted sender)	13d ago May 20th, 2026	Sublime Security	Extortion Social engineering Spoofing Content analysis Header analysis Natural Language Understanding Sender analysis
Link: BEC with newly registered domains and financial keywords	1mo ago May 1st, 2026	Sublime Security	BEC/Fraud Social engineering Evasion Spoofing Header analysis Sender analysis URL analysis
Attachment: ICS calendar with embedded file from internal sender with SPF failure	1mo ago Apr 28th, 2026	Sublime Security	Credential Phishing Spoofing Evasion ICS Phishing File analysis Header analysis Sender analysis
Headers: Self-sender using Microsoft CompAuth bypass with credential theft content	1mo ago Apr 27th, 2026	Sublime Security	Credential Phishing Spoofing Evasion Natural Language Understanding Header analysis Sender analysis
Body: Suspicious date format	1mo ago Apr 22nd, 2026	Sublime Security	Credential Phishing Evasion Spoofing Social engineering Content analysis
Attachment: PDF with credential theft language and invalid reply-to domain	1mo ago Apr 10th, 2026	Sublime Security	Credential Phishing PDF Social engineering Spoofing File analysis Header analysis Natural Language Understanding Content analysis
VIP impersonation: Fake thread with display name match, email mismatch	1mo ago Apr 3rd, 2026	Sublime Security	BEC/Fraud Evasion Impersonation: VIP Social engineering Spoofing Content analysis Header analysis Sender analysis Whois
Sender: IP address in local part	2mo ago Mar 12th, 2026	Sublime Security	Spam Credential Phishing BEC/Fraud Evasion Spoofing Sender analysis
Brand impersonation: Survey request with credential theft indicators	3mo ago Feb 20th, 2026	Sublime Security	Credential Phishing Social engineering Impersonation: Brand Spoofing Content analysis Header analysis Natural Language Understanding Sender analysis
Brand impersonation: Navan	3mo ago Feb 9th, 2026	Sublime Security	Credential Phishing Impersonation: Brand Social engineering Spoofing Sender analysis Natural Language Understanding URL analysis Content analysis
Reconnaissance: Empty subject with mismatched reply-to from new sender	3mo ago Feb 6th, 2026	Sublime Security	BEC/Fraud Credential Phishing Evasion Social engineering Spoofing Header analysis Sender analysis
Headers: Fake in-reply-to with wildcard sender and missing thread context	4mo ago Jan 23rd, 2026	Sublime Security	BEC/Fraud Credential Phishing Evasion Social engineering Spoofing Header analysis Sender analysis Content analysis
Vendor impersonation: Thread hijacking with typosquat domain	4mo ago Jan 12th, 2026	Sublime Security	BEC/Fraud Lookalike domain Social engineering Spoofing Content analysis Natural Language Understanding Sender analysis Whois
SPF temp error	4mo ago Jan 12th, 2026	Sublime Security	Spoofing Header analysis
Service Abuse: Nifty.com with impersonation	4mo ago Jan 12th, 2026	Sublime Security	Credential Phishing Spoofing Sender analysis
Headers: System account impersonation with empty sender address	4mo ago Jan 12th, 2026	Sublime Security	BEC/Fraud Credential Phishing Impersonation: Employee Social engineering Spoofing Header analysis Sender analysis Natural Language Understanding
Impersonation: SharePoint reply header anomaly	4mo ago Jan 12th, 2026	Sublime Security	Credential Phishing Social engineering Impersonation: Brand Evasion Spoofing Header analysis Content analysis Sender analysis
Brand impersonation: State Farm	5mo ago Dec 17th, 2025	Sublime Security	Credential Phishing Impersonation: Brand Social engineering Spoofing Header analysis Sender analysis