Attack Library
Threat Actors Impersonate Squarespace with Fake Account Suspension Notification Designed to Steal Sensitive Information
Cybercriminals use a fraudulent email about a payment failure impacting domain renewal to steal sensitive information from unsuspecting recipients.
DHL Impersonator Leverages Spoofed Email and Mimicked Branding in Credential Theft Attempt
Cybercriminals use a fraudulent delivery interruption notice to trick recipients into visiting a malicious website and disclosing private details.
Phishing Attack Impersonates Apple with Fake "Apple ID Locked" Notification to Steal Sensitive Information
Threat actors use the fear of losing access to a critical account to trick recipients into revealing personal details.
Microsoft Impersonator Sends Fraudulent Device Registration Alert in Vishing Attack
A threat actor uses a bogus security notification to trick the target into calling a fake support number and divulging private details.
Cybercriminals Pose as Capital One and Incorporate Official Branding in Fake Refund Notification
Attackers exploit the fear of delayed access to funds to trick recipients into disclosing sensitive account information.
Threat Actors Impersonate Zoom and Use Fake Branded Login Page and CAPTCHA to Steal Credentials
Cybercriminals exploit the familiarity of Zoom invitations to trick recipients into revealing sensitive information.
Disney+ Impersonator Uses Security Update as Ruse to Steal Payment Information
A cybercriminal claims regulatory changes have restricted the target’s Disney+ account access and urges them to update payment details using the provided link.
Phisher Impersonates RingCentral and Sends Fake Voicemail Notification to Steal Credentials
Cybercriminals use a free Japanese hosting service to send fake voicemail alerts, aiming to steal sensitive login details.
Attacker Impersonates Government Official to Deceive Target Using Threat of Prosecution in Sophisticated Vishing Scheme
A threat actor claims the target’s social security number is being used fraudulently and will be suspended to convince them to call the provided contact number.
Cybercriminals Impersonate Apple to Trick Recipients Into Providing Sensitive Information
Using a spoofed email address, a threat actor claims the target is at risk of losing access to Apple Pay to convince them to visit a phishing site.
Threat Actor Impersonates Social Security Administration Using Malicious Gmail Account in Vishing Attack
A cybercriminal attempts to manipulate the target into calling a fake contact number for the Office of Inspector General by claiming fraudulent financial activity has been discovered.
Phisher Convincingly Impersonates Adobe Acrobat Sign to Steal Login Credentials
Cybercriminals exploit the urgency of a signature request to trick recipients into visiting a phishing site under the guise of reviewing a confidentiality agreement.
Phishing Attack Exploits Eventbrite Branding to Steal Sensitive Information via Malicious Domain
Cybercriminals impersonate Eventbrite in an urgent email to deceive recipients into verifying account details through a phishing link.
Threat Actors Impersonate OpenSea with Fake Item Sale Notification to Steal Sensitive Information
Cybercriminals exploit the excitement of a successful NFT transaction to trick recipients into visiting a phishing site.
Phishing Attack Impersonates Organ Transplant Organization Employee to Deliver Fake Voicemail
Cybercriminals use compromised email accounts to trick recipients into visiting a phishing site under the guise of a missed voicemail notification
Threat Actor Exploits Fear of a Data Breach to Distribute Malware in Likely AI-Generated Attack
Cybercriminals attempt to convince targets their private data has been compromised in order to trick them into downloading malware from a legitimate file-sharing site.
Attackers Convincingly Impersonate UPS and Use Fake Shipment Notification to Steal Payment Details
Threat actors attempt to deceive targets into providing credit card information under the pretense of fixing a problem with a pending shipment.
Attacker Uses Compromised Email and Legitimate File-Hosting Service in Phishing Attempt
Cybercriminals impersonate a vendor and exploit document sharing to deceive recipients and access confidential data.
Attacker Poses as HR Manager and Attempts Credential Theft via Branded Phishing Page
Using a spoofed email address, the threat actor sends a fake notification regarding employee benefits to compel the target to click on a phishing link.
Attackers Use Compromised Email and Multiple Verification Tests to Disguise Phishing Attempt
Cybercriminals exploit a compromised email address and use a fake document notification to lure recipients into revealing sensitive information.