Service abuse: Monday.com callback scam

calendar Jan 26, 2026  ·
Share on: linkedin copy

Detects callback scam solicitations originating from Monday.com's notification system using natural language understanding to identify fraudulent callback language in the message body.

Sublime rule (View on GitHub)

 1name: "Service abuse: Monday.com callback scam"
 2description: "Detects callback scam solicitations originating from Monday.com's notification system using natural language understanding to identify fraudulent callback language in the message body."
 3type: "rule"
 4severity: "medium"
 5source: |
 6  type.inbound
 7  and sender.email.email == "notifications@monday.com"
 8  and any(ml.nlu_classifier(body.current_thread.text).intents,
 9          .name == "callback_scam"
10  )  
11attack_types:
12  - "Callback Phishing"
13tactics_and_techniques:
14  - "Social engineering"
15  - "Out of band pivot"
16detection_methods:
17  - "Content analysis"
18  - "Natural Language Understanding"
19  - "Sender analysis"
20id: "82cf4502-d060-50b7-b002-5c45146f786e"
to-top