Search the repository of unique attacks observed by the Abnormal Intelligence team.
Threat Actor Sends Fake DocuSign Notification of Payroll and Benefits Update in QR Code Phishing Attack

An attacker attempts credential theft via a PDF attachment with DocuSign branding containing a QR code linked to a phishing site impersonating a Microsoft login page.

Attacker Uses Compromised Vendor Account to Hijack Conversation and Attempt Payment Fraud

After breaking into a vendor’s email account, an attacker creates a look-alike domain to send a large invoice and discuss rerouting payments to a new bank account.

IRS Impersonator Sends Fake eFax Notification Regarding Tax Documents to Attempt Credential Theft

An attacker capitalizes on the inherent urgency of tax season and attempts to trick a target into clicking a malicious JPG to view purported tax documents.

Capital One Impersonator Creates Authentic-Looking Landing Page in Credential Phishing Attempt

Using a legitimate sending domain as a mask and a spoofed display name, an attacker pretends to be from Capital One’s customer service team to steal login credentials.

Vendor Impersonator Uses Cleverly-Designed Fake Microsoft Excel Spreadsheet to Attempt Credential Theft

After spoofing a legitimate domain, an attacker uses a fake password-protected financial document to steal sensitive information.

Threat Actor Launches Vendor Email Compromise Attack to Reroute Invoice Payments

After breaking into a vendor’s email account, an attacker uses official-sounding language to mimic legitimate communications and attempt payment fraud.

Likely AI-Generated United Nations Impersonator Attempts Credential Vishing Using $3.5 Million Payout as Lure

In a modern twist on the classic “Nigerian Prince” scam, an attacker poses as a UN employee to establish trust and compel the target to contact them via the provided phone number.

Credential Phishing Attack Exploits Confusion Around Bittrex Bankruptcy Proceedings to Steal Credentials

Threat actors launch highly targeted and sophisticated phishing attack to trick former Bittrex users into divulging sensitive information.

Financial Services Scam Exploits Middle East Crisis to Attempt Cryptocurrency Fraud

By playing on the sympathy of the recipients, the attacker hopes they can persuade targets to send funds to the provided cryptocurrency wallets.

Threat Actor Impersonates Santander Consumer Bank in Credential Phishing Attack

An attacker poses as a bank representative and creates a sense of urgency regarding the target’s credit card to compel them to click an embedded phishing link.

PayPal Impersonator Uses Social Engineering and Masked Phishing Link to Attempt Credential Theft

A phisher uses a spoofed domain to send a malicious email that incorporates PayPal's branding and creates a sense of urgency around potential account closure.

Fake Billing Scam Leverages Look-alike Domain to Send Fraudulent $1,000,000 Invoice

Using a look-alike domain, an attacker impersonates a vendor and sends a remittance request for a fake invoice totaling nearly $1,000,000.

Attacker Provides Bogus Contact Info to Boost Credibility in Fake Loan Offer Scam Targeting Students

After spoofing a legitimate email address, a threat actor sends university students a fraudulent offer for loan services and includes seemingly accurate contact information.

Vendor Impersonator Uses Fake Invoice Notification In Credential Theft Attempt

By compromising a legitimate domain, an attacker hopes to entice the target to a credential phishing website where sensitive information like payment details can be stolen.

Disney+ Impersonator Creates Multi-Stage Vishing and Fake Billing Scam Attack Using Personalized Attachments

An attacker uses a look-alike domain and Disney+ branding to trick a target into calling a fake customer service phone number related to a new Disney+ subscription.

Phisher Impersonates Amazon and Reports Issue with Prime Membership to Prompt Target to Share Sensitive Information

Threat actor attempts to fraudulently obtain credentials and/or payment details using Amazon-branded PDF containing an embedded phishing link.

DHL Impersonator Spoofs Legitimate Domain to Send Fake Failed Shipment Notification in Phishing Attack

An attacker attempts to steal sensitive information by encouraging the recipient to use a masked phishing link to update their shipping address for a pending delivery.

Threat Actor Spoofs Legitimate Domain in Dual Credential Phishing Attack and Fake Billing Scam

An attacker attempts to steal login credentials and also reroute payments by sharing a fraudulent invoice behind a fake Adobe Acrobat login screen.

HR Impersonator Provides Fake Payroll Update in Credential Theft Attempt

By creating a sense of urgency and using official-sounding language, an attacker attempts to compel the target to click a phishing link purportedly related to payroll updates.

NDM Hospitality Impersonator Hijacks Email Thread in Convincing Credential Phishing Attack

An attacker compromises a vendor account and sends the target a fake Microsoft SharePoint link purportedly to a time-sensitive service agreement.

Filters

Attack Type

Impersonated Party

Impersonated Brand

Attack Goal

Attack Vector

Attack Tactic

Attack Theme

Attack Language

AI-Generated

See How Abnormal Stops Emerging Attacks

See a Demo