Callback phishing via Zelle Service Abuse

Sublime Rules

Summary
This detection rule identifies callback phishing attempts that abuse the Zelle service to send fraudulent payment requests. Key indicators are specific phrases in the email body and subject, combined with the absence of attachments. The rule focuses on subjects that may contain confusable characters resembling phone numbers, which are characteristic of these phishing messages. It examines the body for behavioral patterns typical of scams, such as invoking urgency or buddying up to the recipient through social engineering. The rule combines string matching, regex patterns, and natural language understanding classifiers. It flags emails containing critical phrases indicative of phishing and examines both the headers and the content of each message.
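The sketch below is an added example, not the Sublime rule's own source. It shows in Python how the signals described above can be combined. The `Mail` model, the look-alike table, the phone regex and the urgency keyword list (a stand-in for the NLU classifier) are all assumptions, and the sample messages are constructed.

```python
import re
import unicodedata
from dataclasses import dataclass, field

# Assumed letter-for-digit swaps; the rule's real confusable table is not on the page.
LOOKALIKES = str.maketrans("OoIlSB", "001158")
PHONE = re.compile(
    r"(?<!\d)(?:\+?1[\s.\-]*)?\(?\d{3}\)?[\s.\-]*\d{3}[\s.\-]*\d{4}(?!\d)", re.ASCII)
# Keyword stand-in for the NLU classifier the summary mentions (constructed list).
URGENCY = ("immediately", "within 24 hours", "did not authorize", "to cancel")

@dataclass
class Mail:  # hypothetical, minimal message model
    subject: str
    body: str
    attachments: list = field(default_factory=list)

def fold_subject(subject: str) -> str:
    """NFKC-fold Unicode digit variants, then undo letter swaps in numeric tokens."""
    text = unicodedata.normalize("NFKC", subject)
    return " ".join(t.translate(LOOKALIKES) if any(c.isdigit() for c in t) else t
                    for t in text.split())

def evaluate(mail: Mail) -> dict:
    folded = fold_subject(mail.subject)
    body = mail.body.lower()
    phone = bool(PHONE.search(folded))
    signals = {
        "mentions_zelle": "zelle" in (mail.subject + " " + mail.body).lower(),
        "no_attachments": not mail.attachments,
        "phone_in_subject": phone,
        # True when the number only becomes visible after folding confusables.
        "phone_obfuscated": phone and not PHONE.search(mail.subject),
        "urgency": any(k in body for k in URGENCY),
    }
    required = ("mentions_zelle", "no_attachments", "phone_in_subject", "urgency")
    signals["flag"] = all(signals[k] for k in required)
    return signals

# Constructed samples; 555-01xx numbers are reserved for fiction.
SCAM = Mail("Zelle payment request - call (\uff18\uff10\uff18) 555-O142",
            "Your Zelle payment of $499.00 is pending. If you did not authorize "
            "this, call our support desk immediately to cancel.")
BENIGN = Mail("Zelle payment received", "You received $20.00 from Alex.")

if __name__ == "__main__":
    for m in (SCAM, BENIGN):
        print(m.subject, "->", evaluate(m))
```

Matching a plain ASCII phone pattern against the raw subject misses the constructed scam sample; the number only appears after normalization, which is why the fold runs before the regex.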
Categories
  • Web
  • Identity Management
  • Endpoint
Data Sources
  • User Account
  • Application Log
  • Network Traffic
Created: 2025-02-24