Search the repository of unique attacks observed by the Abnormal Intelligence team.
Threat Actor Masquerades as Amazon Web Services Offering $300 Credit in Phishing Attack

An attacker attempts to steal sensitive information by impersonating AWS and encouraging the target to click a phishing link disguised as an application for an account credit.

UPS Impersonator Convincingly Incorporates Branding in Credential Theft Attempt

An attacker uses a fake failed delivery notification and invitation to sign up for UPS My Choice to compel a target to divulge sensitive information.

Likely AI-Generated Phishing Attack Spoofs Craigslist to Steal Payment Information

A cybercriminal impersonates Craigslist and sends a likely AI-generated email regarding a payment failure to convince the target to provide payment details.

Likely AI-Generated Phishing Attack Uses Compromised Email Account to Impersonate Australia and New Zealand Banking Group

Attackers use an AI-generated email to exploit the trust of a known brand and direct recipients to a phishing site under the guise of enhancing account security.

Phishing Attack Impersonates PT Federal International Finance to Steal Bitcoin Wallet Credentials

Attackers attempt to deceive the recipient with a fake Bitcoin funding notification, leading to credential theft via a fraudulent website.

Threat Actor Impersonates IRS and Manufactures Urgency in Likely AI-Generated Phishing Attack

An attacker poses as the IRS and claims there's an issue with the target's tax return to deceive them into revealing private information.

Threat Actor Hijacks Conversation Using Look-alike Domain in Attempt to Divert $17M Wire Transfer

Posing as a vendor, an attacker inserts themselves into an existing email thread and tries to redirect the payment for a multi-million dollar invoice.

Attacker Attempts to Stealthily Divert $1.4M AUD Using Look-alike Domain and Email Hijacking

By exploiting existing email conversations and using a look-alike domain, a threat actor attempts to compel a target to transfer funds to an account controlled by the attacker.

Meta Impersonator Exploits Legitimate Domain in Fake Account Deletion Notification to Steal Credentials

In this likely AI-generated attack, a threat actor poses as a Meta representative and uses a link hosted on a legitimate domain as the first step in a phishing attempt.

Threat Actor Convincingly Impersonates FedEx in Likely AI-Generated Credential Phishing Attack

An attacker incorporates FedEx branding into a fake notification of a pending package to trick a target into providing sensitive information.

Attacker Impersonates HR and Sends Bogus Employee Assessment Notification in Phishing Attempt

Using a spoofed email address, a threat actor poses as the target company's HR team and manufactures a sense of urgency to manipulate the recipient into visiting a phishing page.

Threat Actor Compromises Faculty Email to Phish University VIP in Likely AI-Generated Attack

After compromising a legitimate email account, an attacker attempts credential theft by inviting a target to apply for an employee benefits program.

Wells Fargo Impersonator Manufactures Urgency to Prompt Quick Action in Vishing Attempt

An attacker poses as the Wells Fargo fraud department and exploits the target's fear of losing access to their bank account to compel them to call a vishing number.

Threat Actor Uses Compromised Email to Target Internal Employees in Credential Phishing Attempt

After compromising an email address, an attacker sends a fake document notification to fellow employees linked to a fake Microsoft login page hosted by Webflow designed to steal credentials.

School District Administrative Assistant Impersonator Compromises Email to Attempt Credential Theft

After compromising a vendor’s email address, an attacker crafts a fake document notification linked to a fake Microsoft login page hosted by Webflow designed to steal credentials.

Multi-Step Credential Phishing and Malware Attack Utilizes Canva and Fake Microsoft Login Page

After compromising a legitimate email account, an attacker uses Canva to host a malicious redirect link before impersonating Microsoft to gain access to a target’s environment and install Malware.

Attacker Compromises Attorney’s Account and Creates Spoofed SharePoint Landing Page in Credential Theft Attempt

Using the compromised account of a real attorney, an attacker emails the target regarding outstanding invoices with a link to a fake SharePoint landing page.

Microsoft OneDrive Impersonator Spoofs Outlook Email and Creates Fake Login Page in Credential Phishing Attempt

After spoofing one of Microsoft’s real no-reply emails, an attacker sends an identical imitation of a OneDrive notification regarding recently deleted files, urging the target to take action.

Attacker Impersonates Cryptocurrency Service in Likely AI-Generated, Multi-Step Credential Theft Attempt

An attacker impersonates payment solutions provider Wirex using a convincing account verification email and branded phishing page to steal login credentials.

Multi-Step Vishing Attempt Features Impersonation of PayPal and McAfee

After spoofing a PayPal customer service email, an attacker sends a fraudulent notification regarding a bogus McAfee charge to compel the target to call a fake support center and cancel the transaction.


Attack Type

Impersonated Party

Impersonated Brand

Attack Goal

Attack Vector

Attack Tactic

Attack Theme

Attack Language


See How Abnormal Stops Emerging Attacks

See a Demo