Sublime Security

Sublime Core Feed
Spoofing
Learn More
Login to Sublime
Attack Types
BEC/Fraud
Callback Phishing
Credential Phishing
Extortion
Malware/Ransomware
Reconnaissance
Spam
Tactics and Techniques
Encryption
Evasion
Exploit
Free email provider
Free file host
Free subdomain host
HTML smuggling
Image as content
Impersonation: Brand
Impersonation: Employee
Impersonation: VIP
IPFS
ISO
LNK
Lookalike domain
Macros
OneNote
Open redirect
Out of band pivot
PDF
Punycode
QR code
Scripting
Social engineering
Spoofing
Detection Methods
Archive analysis
Content analysis
Computer Vision
Exif analysis
File analysis
Header analysis
HTML analysis
Javascript analysis
Macro analysis
Natural Language Understanding
Optical Character Recognition
OLE analysis
PDF analysis
QR code analysis
Sender analysis
Threat intelligence
URL analysis
URL screenshot
Whois
XML analysis
YARA
Tactic or Technique: Spoofing
Spoofing is when attackers falsify sender information to make a message look like it came from someone you trust by forging a real email address.
Messages like this often impersonate executives, IT support, or vendors and can lead to stolen credentials, wire fraud, or malware infections. When the source looks trustworthy, you're more likely to follow instructions, click a link, or open a file without hesitation.
Spoofing is especially effective when email authentication protocols like SPF, DKIM, and DMARC aren’t properly enforced. Without those protections, it becomes much easier for attackers to get past both technical filters and human judgment.
Blog Posts
Talking phish over turkey · Blog · Sublime Security
Adversarial ML: Extortion via LLM Manipulation Tactics · Blog · Sublime Security
Attack Types (5):
Credential Phishing
BEC/Fraud
Spam
Extortion
Malware/Ransomware
Detection Methods (9):
Header analysis
Sender analysis
URL analysis
File analysis
Natural Language Understanding
Content analysis
Whois
Computer Vision
Optical Character Recognition
Rule Name & Severity
Last Updated
Types, Tactics & Capabilities
Brand impersonation: DocuSign
3d ago
Apr 17th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Lookalike domain
Social engineering
Spoofing
Header analysis
Sender analysis
URL analysis
Credential Phishing
Impersonation: Brand
Lookalike domain
Social engineering
Spoofing
Header analysis
Sender analysis
URL analysis
Attachment: PDF with credential theft language and invalid reply-to domain
10d ago
Apr 10th, 2026
Sublime Security
Credential Phishing
PDF
Social engineering
Spoofing
File analysis
Header analysis
Natural Language Understanding
Content analysis
Credential Phishing
PDF
Social engineering
Spoofing
File analysis
Header analysis
Natural Language Understanding
Content analysis
VIP impersonation: Fake thread with display name match, email mismatch
17d ago
Apr 3rd, 2026
Sublime Security
BEC/Fraud
Evasion
Impersonation: VIP
Social engineering
Spoofing
Content analysis
Header analysis
Sender analysis
Whois
BEC/Fraud
Evasion
Impersonation: VIP
Social engineering
Spoofing
Content analysis
Header analysis
Sender analysis
Whois
Sender: IP address in local part
1mo ago
Mar 12th, 2026
Sublime Security
Spam
Credential Phishing
BEC/Fraud
Evasion
Spoofing
Sender analysis
Spam
Credential Phishing
BEC/Fraud
Evasion
Spoofing
Sender analysis
Brand impersonation: Survey request with credential theft indicators
1mo ago
Feb 20th, 2026
Sublime Security
Credential Phishing
Social engineering
Impersonation: Brand
Spoofing
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
Credential Phishing
Social engineering
Impersonation: Brand
Spoofing
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
Brand impersonation: Navan
2mo ago
Feb 9th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Social engineering
Spoofing
Sender analysis
Natural Language Understanding
URL analysis
Content analysis
Credential Phishing
Impersonation: Brand
Social engineering
Spoofing
Sender analysis
Natural Language Understanding
URL analysis
Content analysis
Reconnaissance: Empty subject with mismatched reply-to from new sender
2mo ago
Feb 6th, 2026
Sublime Security
BEC/Fraud
Credential Phishing
Evasion
Social engineering
Spoofing
Header analysis
Sender analysis
BEC/Fraud
Credential Phishing
Evasion
Social engineering
Spoofing
Header analysis
Sender analysis
Headers: Fake in-reply-to with wildcard sender and missing thread context
2mo ago
Jan 23rd, 2026
Sublime Security
BEC/Fraud
Credential Phishing
Evasion
Social engineering
Spoofing
Header analysis
Sender analysis
Content analysis
BEC/Fraud
Credential Phishing
Evasion
Social engineering
Spoofing
Header analysis
Sender analysis
Content analysis
Extortion / sextortion (untrusted sender)
2mo ago
Jan 22nd, 2026
Sublime Security
Extortion
Social engineering
Spoofing
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
Extortion
Social engineering
Spoofing
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
Vendor impersonation: Thread hijacking with typosquat domain
3mo ago
Jan 12th, 2026
Sublime Security
BEC/Fraud
Lookalike domain
Social engineering
Spoofing
Content analysis
Natural Language Understanding
Sender analysis
Whois
BEC/Fraud
Lookalike domain
Social engineering
Spoofing
Content analysis
Natural Language Understanding
Sender analysis
Whois
Impersonation: SharePoint reply header anomaly
3mo ago
Jan 12th, 2026
Sublime Security
Credential Phishing
Social engineering
Impersonation: Brand
Evasion
Spoofing
Header analysis
Content analysis
Sender analysis
Credential Phishing
Social engineering
Impersonation: Brand
Evasion
Spoofing
Header analysis
Content analysis
Sender analysis
Headers: System account impersonation with empty sender address
3mo ago
Jan 12th, 2026
Sublime Security
BEC/Fraud
Credential Phishing
Impersonation: Employee
Social engineering
Spoofing
Header analysis
Sender analysis
Natural Language Understanding
BEC/Fraud
Credential Phishing
Impersonation: Employee
Social engineering
Spoofing
Header analysis
Sender analysis
Natural Language Understanding
Service Abuse: Nifty.com with impersonation
3mo ago
Jan 12th, 2026
Sublime Security
Credential Phishing
Spoofing
Sender analysis
Credential Phishing
Spoofing
Sender analysis
SPF temp error
3mo ago
Jan 12th, 2026
Sublime Security
Spoofing
Header analysis
Spoofing
Header analysis
Brand impersonation: State Farm
4mo ago
Dec 17th, 2025
Sublime Security
Credential Phishing
Impersonation: Brand
Social engineering
Spoofing
Header analysis
Sender analysis
Credential Phishing
Impersonation: Brand
Social engineering
Spoofing
Header analysis
Sender analysis
Body: Embedded email headers indicative of thread hijacking/abuse
4mo ago
Dec 1st, 2025
Sublime Security
Credential Phishing
BEC/Fraud
Spam
Evasion
Social engineering
Spoofing
Content analysis
Header analysis
Sender analysis
Credential Phishing
BEC/Fraud
Spam
Evasion
Social engineering
Spoofing
Content analysis
Header analysis
Sender analysis
VIP Impersonation via Google Group relay with suspicious indicators
5mo ago
Nov 12th, 2025
Sublime Security
BEC/Fraud
Credential Phishing
Malware/Ransomware
Evasion
Free email provider
Impersonation: Employee
Social engineering
Spoofing
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
BEC/Fraud
Credential Phishing
Malware/Ransomware
Evasion
Free email provider
Impersonation: Employee
Social engineering
Spoofing
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
Headers: Outlook Express mailer
5mo ago
Nov 6th, 2025
Sublime Security
BEC/Fraud
Credential Phishing
Malware/Ransomware
Evasion
Spoofing
Header analysis
BEC/Fraud
Credential Phishing
Malware/Ransomware
Evasion
Spoofing
Header analysis
Attachment: ICS calendar with embedded file from internal sender with SPF failure
6mo ago
Oct 22nd, 2025
Sublime Security
Credential Phishing
Spoofing
Evasion
File analysis
Header analysis
Sender analysis
Credential Phishing
Spoofing
Evasion
File analysis
Header analysis
Sender analysis
VIP local_part impersonation from unsolicited sender
8mo ago
Aug 12th, 2025
Sublime Security
Impersonation: VIP
Spoofing
Header analysis
Sender analysis
Impersonation: VIP
Spoofing
Header analysis
Sender analysis
Page 1 of 2

Rule Name & Severity	Last Updated	Author	Types, Tactics & Capabilities
Brand impersonation: DocuSign	3d ago Apr 17th, 2026	Sublime Security	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Spoofing Header analysis Sender analysis URL analysis
Attachment: PDF with credential theft language and invalid reply-to domain	10d ago Apr 10th, 2026	Sublime Security	Credential Phishing PDF Social engineering Spoofing File analysis Header analysis Natural Language Understanding Content analysis
VIP impersonation: Fake thread with display name match, email mismatch	17d ago Apr 3rd, 2026	Sublime Security	BEC/Fraud Evasion Impersonation: VIP Social engineering Spoofing Content analysis Header analysis Sender analysis Whois
Sender: IP address in local part	1mo ago Mar 12th, 2026	Sublime Security	Spam Credential Phishing BEC/Fraud Evasion Spoofing Sender analysis
Brand impersonation: Survey request with credential theft indicators	1mo ago Feb 20th, 2026	Sublime Security	Credential Phishing Social engineering Impersonation: Brand Spoofing Content analysis Header analysis Natural Language Understanding Sender analysis
Brand impersonation: Navan	2mo ago Feb 9th, 2026	Sublime Security	Credential Phishing Impersonation: Brand Social engineering Spoofing Sender analysis Natural Language Understanding URL analysis Content analysis
Reconnaissance: Empty subject with mismatched reply-to from new sender	2mo ago Feb 6th, 2026	Sublime Security	BEC/Fraud Credential Phishing Evasion Social engineering Spoofing Header analysis Sender analysis
Headers: Fake in-reply-to with wildcard sender and missing thread context	2mo ago Jan 23rd, 2026	Sublime Security	BEC/Fraud Credential Phishing Evasion Social engineering Spoofing Header analysis Sender analysis Content analysis
Extortion / sextortion (untrusted sender)	2mo ago Jan 22nd, 2026	Sublime Security	Extortion Social engineering Spoofing Content analysis Header analysis Natural Language Understanding Sender analysis
Vendor impersonation: Thread hijacking with typosquat domain	3mo ago Jan 12th, 2026	Sublime Security	BEC/Fraud Lookalike domain Social engineering Spoofing Content analysis Natural Language Understanding Sender analysis Whois
Impersonation: SharePoint reply header anomaly	3mo ago Jan 12th, 2026	Sublime Security	Credential Phishing Social engineering Impersonation: Brand Evasion Spoofing Header analysis Content analysis Sender analysis
Headers: System account impersonation with empty sender address	3mo ago Jan 12th, 2026	Sublime Security	BEC/Fraud Credential Phishing Impersonation: Employee Social engineering Spoofing Header analysis Sender analysis Natural Language Understanding
Service Abuse: Nifty.com with impersonation	3mo ago Jan 12th, 2026	Sublime Security	Credential Phishing Spoofing Sender analysis
SPF temp error	3mo ago Jan 12th, 2026	Sublime Security	Spoofing Header analysis
Brand impersonation: State Farm	4mo ago Dec 17th, 2025	Sublime Security	Credential Phishing Impersonation: Brand Social engineering Spoofing Header analysis Sender analysis
Body: Embedded email headers indicative of thread hijacking/abuse	4mo ago Dec 1st, 2025	Sublime Security	Credential Phishing BEC/Fraud Spam Evasion Social engineering Spoofing Content analysis Header analysis Sender analysis
VIP Impersonation via Google Group relay with suspicious indicators	5mo ago Nov 12th, 2025	Sublime Security	BEC/Fraud Credential Phishing Malware/Ransomware Evasion Free email provider Impersonation: Employee Social engineering Spoofing Content analysis Header analysis Natural Language Understanding Sender analysis
Headers: Outlook Express mailer	5mo ago Nov 6th, 2025	Sublime Security	BEC/Fraud Credential Phishing Malware/Ransomware Evasion Spoofing Header analysis
Attachment: ICS calendar with embedded file from internal sender with SPF failure	6mo ago Oct 22nd, 2025	Sublime Security	Credential Phishing Spoofing Evasion File analysis Header analysis Sender analysis
VIP local_part impersonation from unsolicited sender	8mo ago Aug 12th, 2025	Sublime Security	Impersonation: VIP Spoofing Header analysis Sender analysis