Service abuse: GetAccept callback scam content

Detects callback scam language in messages sent through legitimate GetAccept infrastructure, indicating potential abuse of the service for fraudulent solicitation.

Sublime rule

name: "Service abuse: GetAccept callback scam content"
description: "Detects callback scam language in messages sent through legitimate GetAccept infrastructure, indicating potential abuse of the service for fraudulent solicitation."
type: "rule"
severity: "medium"
source: |
  type.inbound
  // Legitimate GetAccept sending infrastructure
  and sender.email.domain.root_domain == 'getaccept.com'
  // NLU classifier reports a callback scam intent in the current thread text
  and any(ml.nlu_classifier(body.current_thread.text).intents,
          .name == "callback_scam"
  )

attack_types:
  - "Callback Phishing"
tactics_and_techniques:
  - "Out of band pivot"
  - "Social engineering"
detection_methods:
  - "Content analysis"
  - "Natural Language Understanding"
  - "Sender analysis"
id: "7ec2f70b-06e5-51bb-9ceb-a17cbe1e7ad5"