Callback phishing with online appointment abuse and distribution lists
Blog post from Sublime Security
Sublime's Attack Spotlight series highlights real-world email threats, focusing on callback phishing attacks that exploit legitimate communication channels to evade detection. A recent example involved adversaries using a bank's "Request a Meeting" form to distribute phishing emails, cleverly mixing financial and tech support narratives to prompt recipients to call specific phone numbers. These emails, sent to distribution lists, maintain a legitimate appearance as they originate from recognized domains, making them less likely to be flagged as suspicious. Sublime's AI-powered detection engine effectively identifies such attacks by recognizing patterns like mismatched contexts, multiple call-to-action phone numbers, and urgent language. The series underscores the importance of adaptive security measures that leverage AI and machine learning to detect subtle inconsistencies in seemingly legitimate communications.
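The signals named above (multiple call-to-action phone numbers, mixed financial and tech support context, urgent language, delivery through a distribution list) can be combined into a simple heuristic. The following is an added example, not Sublime's detection logic or code from the original post; the keyword lists, message field names, threshold, and sample messages are constructed assumptions.

```python
import re

# Keyword sets are illustrative assumptions, not Sublime's detection rules.
FINANCIAL = {"invoice", "payment", "transaction", "charged", "refund"}
TECH_SUPPORT = {"subscription", "antivirus", "technician", "renewal"}
URGENT = {"immediately", "urgent", "within 24 hours", "right away"}
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")

def phone_numbers(text):
    """Distinct phone numbers in text, normalised to their last 10 digits."""
    return {re.sub(r"\D", "", m)[-10:] for m in PHONE_RE.findall(text)}

def hits(text, terms):
    low = text.lower()
    return sorted(t for t in terms if t in low)

def callback_signals(msg):
    """msg: dict with 'body', 'list_id' (str or None), 'auth_pass' (bool)."""
    body, signals = msg["body"], []
    if len(phone_numbers(body)) >= 2:
        signals.append("multiple_callback_numbers")
    if hits(body, FINANCIAL) and hits(body, TECH_SUPPORT):
        signals.append("mismatched_context")
    if hits(body, URGENT):
        signals.append("urgent_language")
    if msg.get("list_id"):
        signals.append("delivered_via_distribution_list")
    return signals

def is_suspicious(msg, threshold=3):
    # 'auth_pass' is deliberately not used to lower the score: mail sent
    # through a legitimate web form passes sender authentication.
    return len(callback_signals(msg)) >= threshold

# Constructed sample messages (not taken from the original post).
FORM_ABUSE = {
    "auth_pass": True,
    "list_id": "all-staff.example.com",
    "body": ("Meeting request notes: Your payment of $349.99 for antivirus "
             "subscription renewal was charged today. If you did not "
             "authorize this transaction, call +1 (202) 555-0142 immediately "
             "or reach our technician at 202-555-0177."),
}
BENIGN = {
    "auth_pass": True,
    "list_id": None,
    "body": ("Your meeting request with a branch advisor is confirmed for "
             "Tuesday at 10:00. Call 202-555-0100 to reschedule."),
}

if __name__ == "__main__":
    for name, m in (("form_abuse", FORM_ABUSE), ("benign", BENIGN)):
        print(name, is_suspicious(m), callback_signals(m))
```

Both samples pass sender authentication, so the verdict rests entirely on content and delivery signals, which is the point the post makes about mail from recognized domains.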