Brand impersonation: Silicon Valley Bank

Detects emails that impersonate Silicon Valley Bank

Sublime rule (View on GitHub)

name: "Brand impersonation: Silicon Valley Bank"
description: "Detects emails that impersonate Silicon Valley Bank"
type: "rule"
severity: "medium"
source: |
  type.inbound
  and (
    // sender domain contains "silicon"/"silicone" followed within 10 characters
    // by "valley" or "bank", or contains "svb" (case-insensitive)
    regex.icontains(sender.email.domain.domain,
                    "(silicon(e)?.{0,10}(valley|bank)|svb)"
    )
    // or the display name is within one edit of "svb" (case-insensitive)
    or strings.ilevenshtein(sender.display_name, 'svb') <= 1
  )
  // and the sender domain was registered within the last 30 days
  and network.whois(sender.email.domain).days_old <= 30
attack_types:
  - "Credential Phishing"
tactics_and_techniques:
  - "Impersonation: Brand"
  - "Lookalike domain"
  - "Social engineering"
detection_methods:
  - "Sender analysis"
  - "Whois"
id: "a01f61d9-a01a-548c-9a48-49f8d3732d05"