
Callback phishing via invoice abuse and distribution list relays

Blog post from Sublime Security

Post Details
Date Published:
Author: Brandon Murphy
Word Count: 1,039
Language: English
Summary

Sublime's Attack Spotlight series highlights real-world attack samples to give insight into the email threat landscape. This post covers recent callback phishing attacks that use techniques like Living Off the Land (LOTL) and automatic bulk email redirects. The attacks exploit legitimate services like Microsoft 365 and PayPal: attackers use free, trial, or compromised accounts to send notifications via intermediary distribution lists, which keeps the service account from being shut down while maintaining the original sender's address. The callback phishing information is embedded in invoices, prompting targets to call a number where the attacker can extract sensitive information. Sublime's AI-powered detection engine identifies these threats through signals such as brand impersonation, engaging language, and unusual sender behavior, thereby preventing these attacks. Users can protect their environment by opening a free Sublime account.