Service abuse: Calendly callback scam detection
Detects inbound messages from Calendly's notification system that contain callback scam content, as identified through natural language processing with medium or high confidence levels.
Sublime rule
name: "Service abuse: Calendly callback scam detection"
description: "Detects inbound messages from Calendly's notification system that contain callback scam content, as identified through natural language processing with medium or high confidence levels."
type: "rule"
severity: "medium"
source: |
  type.inbound
  and sender.email.email == "no-reply@calendly.com"
  and any(ml.nlu_classifier(body.current_thread.text).intents,
          .name == "callback_scam" and .confidence != "low"
  )
attack_types:
  - "Callback Phishing"
tactics_and_techniques:
  - "Social engineering"
  - "Impersonation: Brand"
detection_methods:
  - "Natural Language Understanding"
  - "Sender analysis"
id: "646f5d81-c830-5122-9b73-283cc918373c"