Brand impersonation: Ripple

May 15, 2026 · Cryptocurrency ·

Attack impersonating Ripple cryptocurrency, potentially in the form of a giveaway scam.

Sublime rule (View on GitHub)

 1name: "Brand impersonation: Ripple"
 2description: |
 3    Attack impersonating Ripple cryptocurrency, potentially in the form of a giveaway scam.
 4references:
 5  - "https://ripple.com/insights/how-to-spot-xrp-giveaway-scams/"
 6  - "https://support.gatehub.net/hc/en-us/articles/360014496899-Phishing-email-spoofs-Ripple"
 7type: "rule"
 8severity: "low"
 9source: |
10  type.inbound
11  and regex.imatch(sender.display_name, '\bripple\b')
12  and sender.email.domain.root_domain not in ("ripple.com", "ripplejobs.co.uk")  
13tags:
14  - "Cryptocurrency"
15attack_types:
16  - "Credential Phishing"
17tactics_and_techniques:
18  - "Impersonation: Brand"
19  - "Social engineering"
20detection_methods:
21  - "Sender analysis"
22id: "68b39736-70e0-5bf7-8a0a-3e2206552251"

Related rules

Attachment: PDF file with link to fake Bitcoin exchange
Brand impersonation: Exodus
Brand impersonation: Coinbase
Brand impersonation: Binance
Brand impersonation: Stellar Development Foundation (SDF)