EXPLORE

EXPLORE DETECTIONS

🔍
1,155 detections found

Brand Impersonation: Gemini Trust Company

Detects messages impersonating Gemini Trust Company through analysis of footer content, social media links, and address verification, excluding legitimate communications from authenticated Gemini domains.

T1566T1566.001T1566.002T1598T1598.003
Sublimemedium

Brand impersonation: Github

Impersonation of Github.

T1566T1566.001T1566.002T1598T1598.003+1
Sublimehigh

Brand impersonation: Github (sawfish campaign)

Impersonation of Github, potentially as part of the sawfish campaign, seeking to harvest Github credentials.

Sublimehigh

Brand impersonation: GitHub with callback scam indicators

Detects messages using GitHub's noreply address that contain callback scam language, brand impersonation tactics, or fraudulent purchase/payment content with phone numbers for victim contact.

T1566.003T1598T1566.002T1598.003T1566
Sublimemedium

Brand impersonation: GoDaddy

Detects messages where the sender is impersonating GoDaddy through display name manipulation or lookalike domains, while not being legitimately authenticated from GoDaddy's infrastructure.

T1566T1566.001T1566.002T1598T1598.003
Sublimemedium

Brand Impersonation: Google (QR Code)

Detects messages using Google based lures, referencing or including a QR code from an Unsolicited sender. These messages often lead users to phishing sites or initiate unwanted downloads.

T1566T1566.001T1566.002T1598T1598.003
Sublimehigh

Brand impersonation: Google Careers

Detects messages impersonating Google Careers or job opportunities in multiple languages that contain links to domains other than Google's legitimate domains, from senders not authenticated as Google.

T1566T1566.001T1566.002T1598T1598.003
Sublimehigh

Brand impersonation: Google Drive fake file share

This rule detects messages impersonating a Google Drive file sharing email where no links point to known Google domains.

T1566T1566.001T1566.002T1598T1204.002+2
Sublimemedium

Brand impersonation: Google fake sign-in warning

Detects messages with image attachments containing fake Google sign-in warnings with no links leading to Google sites.

T1566T1566.001T1566.002T1598T1598.003
Sublimehigh

Brand impersonation: Google Meet with malicious link

Detects messages with 'Join with Google Meet' display text that redirects to domains other than meet.google.com.

T1566T1566.001T1566.002T1598T1598.003
Sublimemedium

Brand impersonation: Google using Microsoft Forms

Abuses Microsoft Forms to impersonate Google.

T1566T1566.001T1566.002T1598T1598.003+1
Sublimehigh

Brand impersonation: Google Workspace alert notification

Detects messages impersonating Google Workspace alert notifications that use Google branding elements, workspace-specific terminology, and admin console references, but originate from non-Google domains and contain suspicious links.

T1566T1566.001T1566.002T1598T1598.003+1
Sublimemedium

Brand impersonation: Government / Tax Authority document lure

Detects messages impersonating government and tax authorities (such as the IRS, SSA, Department of Treasury, and similar agencies) that contain suspicious document-related links. The rule identifies either download calls-to-action pointing to low-reputation or free subdomain hosts, or phishing-kit URLs that embed the impersonated organization's name in the path. Credential theft intent is confirmed via NLP analysis, and trusted sender domains are only flagged when DMARC authentication fails.

T1566T1566.001T1566.002T1598T1598.003+1
Sublimemedium

Brand impersonation: Greenvelope

Detects messages impersonating Greenvelope invitations not originating from legitimate Greenvelope domain.

T1566T1566.001T1566.002T1598T1598.003
Sublimemedium

Brand impersonation: Gusto

Impersonation of Gusto, a cloud-based payroll management company.

T1566T1566.001T1566.002T1598T1598.003+1
Sublimemedium

Brand impersonation: Hulu

Impersonation of Hulu.

T1566T1566.001T1566.002T1598T1598.003+1
Sublimemedium

Brand impersonation: Interac

Impersonation of the Canadian interbanking network Interac. Seen in the wild impersonating carbon tax rebates and tax return refunds.

T1566.002T1534T1656T1598.003T1583.001+2
Sublimemedium

Brand impersonation: Internal Revenue Service

Detects messages from senders posing as the Internal Revenue Service by checking display name similarity and content indicators from body text and screenshots. Excludes legitimate IRS domains and authenticated senders.

T1566.002T1534T1656T1566T1566.001+2
Sublimehigh

Brand impersonation: KnowBe4

Impersonation of KnowBe4.

T1566T1566.001T1566.002T1598T1598.003+1
Sublimemedium

Brand impersonation: LastPass

Detects messages impersonating the password manager LastPass that contain suspicious language about maintenance, vault exports, or master passwords.

T1566T1566.001T1566.002T1598T1598.003
Sublimehigh

Brand impersonation: Ledger

Attack impersonating hardware cryptocurrency wallet ledger.com's brand.

T1566T1566.001T1566.002T1598T1598.003+1
Sublimelow

Brand impersonation: LinkedIn

Impersonation of LinkedIn.

T1566T1566.001T1566.002T1598T1598.003+1
Sublimemedium

Brand impersonation: Mailchimp

Detects messages from senders impersonating Mailchimp through display name spoofing or brand logo usage, combined with security-themed content and suspicious authentication patterns.

T1566T1566.001T1566.002T1598T1598.003
Sublimemedium

Brand impersonation: Mailgun

Impersonation of the Mailgun Email delivery platform.

T1566T1566.001T1566.002T1598T1534+2
Sublimemedium
PreviousPage 15 of 49Next