Search the repository of unique attacks observed by the Abnormal Intelligence team.
Canada Post Impersonator Uses Japanese Domain in Credential Theft Attempt

A threat actor spoofs a Japanese domain and impersonates Canada Post to prompt targets to click on a credential phishing link.

Attacker Compromises New Jersey Department of Health Email Account and Sends Fake Document with Masked Phishing Link

After compromising the account, an attacker creates a fake document purporting to be a faxed invoice that includes a masked phishing link.

Chase Bank Impersonator Utilizes Google Drive to Send Masked Phishing Link Embedded in PDF Attachment

By creating a sense of urgency around unauthorized account activity and using a display name that includes "Chase Bank," the attacker aims to compel the recipient to take action.

PayPal Impersonator Uses PandaDoc to Send Fake Document in Credential Theft Attempt

An attacker claims to be from PayPal investigating a fraudulent transaction and requests sensitive information from the target to complete a verification process.

Trust Wallet Impersonator Combines Email Spoofing and Social Engineering in Credential Phishing Attack

An attacker attempts credential theft by impersonating Trust Wallet and sending a phishing link disguised as an account verification page.

Multi-Layer Instagram Impersonator Creates Several Fake Landing Pages in Sophisticated Credential Phishing Attempt

An attacker informs the target about copyright infringement and provides a fake form and login page to steal login credentials.

Likely AI-Generated Credential Vishing Attack Features Impersonation of Walmart

An attacker attempts to create a sense of urgency and compel the target to call a fake customer service number by sending a bogus receipt for a recent iPhone purchase.

HR Impersonator Spoofs Healthcare Advisory Company to Attempt Credential Theft

Using a “two-bridge[.]com” domain as a mask, an attacker sends a credential phishing email disguised as an HR department update regarding approval of a new company handbook.

UPS Impersonator Uses Compromised Account in Credential Phishing Attempt

After compromising a legitimate domain, an attacker impersonates UPS and asks the recipient to verify shipping information via a phishing link.

Attacker Uses Adobe Acrobat’s File Sharing System in Cleverly Designed Credential Theft Attempt

After compromising the email account of a Vanguard Cleaning Systems employee, an attacker creates a legitimate-looking PDF with a masked phishing link to steal credentials.

MetaMask Impersonator Disguises Credential Phishing Attack as Know Your Customer (KYC) Verification

Using a legitimate Turkish domain, an attacker attempts credential theft by applying social engineering to convince a target their cryptocurrency wallet is at risk of suspension.

Likely AI-Generated Financial Services Scam Features Social Engineering Techniques for Future Credential Theft

An attacker attempts to develop trust with a recipient and set the stage for future credential theft by referencing past interactions and updates on a $800,000 investment.

Likely AI-Generated Microsoft Impersonator Sends Fake Attachment in Malware Attack

Using a legitimate domain as a mask, an attacker attempts to infect a recipient’s computer with malware via an HTML attachment.

Amazon Customer Service Impersonator Uses Masked Phishing Link in Credential Phishing Attack

An attacker pretends to be from Amazon customer service and informs the recipient that their account is locked because of suspicious account activity.

Chatham Financial Impersonator Utilizes Masked Phishing Link in Fake Billing Scam

After compromising a domain, an attacker creates a fake Microsoft SharePoint attachment viewer in an attempt to steal money and sensitive information.

Sophisticated Credential Theft Attempt Features a Compromised Domain and Fake Landing Page

After compromising a legitimate domain, an attacker creates a fake landing page and impersonates an internal IT admin to attempt credential theft.

Multi-Layered Credential Phishing Attempt Features a Compromised Domain and a Masked Phishing Link

After compromising a Titan Worldwide domain, an attacker pastes previous conversations and a masked phishing link into an email in an attempt to steal sensitive information.

Likely AI-Generated Credential Phishing Attack Features Impersonation of Medicare Australia

An attacker pretends to be from Medicare Australia and informs the recipient that their Medicare services have been suspended due to insufficient contact information.

Salesforce Impersonator Utilizes Look-Alike Domain in Fake Billing Scam

An attacker creates a domain visually similar to Salesforce [.]com, engages the target, and then forwards the thread to another colleague, heightening the chances of a successful scam.

National Health Service Spoofer Compromises Domain and Sends Masked Phishing Link in PNG Attachment

An attacker uses a legitimate NHS domain and Microsoft SharePoint to trick a recipient into clicking on a masked phishing link and exposing sensitive information.


Attack Type

Impersonated Party

Impersonated Brand

Attack Goal

Attack Vector

Attack Tactic

Attack Theme

Attack Language


See How Abnormal Stops Emerging Attacks

Get a Demo