The Attack Library is a searchable repository of unique attacks observed by the Abnormal Intelligence team. Each sample includes an overview of the attack, as well as an analysis of why each attack likely bypassed traditional email defenses, how it could have been stopped, and what the risk to an organization could be if the attack were successful.
BEC Attack Poses as a Factoring Company to Request Aging Report with Customer Payment Information

This BEC attack impersonated an external factoring company using a free webmail account with a customized impersonation username to request a copy of an updated aging report containing customer payment and contact information.

BEC Attack Targets Head of Human Resources to Request Copies of Employee W-2s

This BEC attack impersonated the company CEO using multiple free webmail accounts to request a copy of all employee W-2s.

Email Poses as an Incoming ACH Payment with HTML Attachment Leading to Branded Credential Phishing Page

This payload-based attack posed as a fake incoming ACH payment masked as an automated email from an internal company system, which contained an HTML attachment that led to a branded phishing page intended to steal the recipient’s credentials.

Hungarian BEC Attack Impersonates Executive to Request a Payment to a Fake UK Company

This Hungarian-language BEC attack impersonated a company executive using a freely-available Gmail account to request a payment to be sent to a fictitious company located in the United Kingdom.

Payload Credential Phishing Attack Poses as an HR Announcement About New Employee Benefits

This payload-based phishing attack posed as an announcement from the company human resources team about updates to the company’s employee benefits package and requested the recipient review a supposed updated handbook, which actually opened a phishing page to steal account credentials.

Phishing Attack Steals Credentials by Imitating HR Request to Review New Employee Handbook

This link-based attack imitated a company human resources email that announced the release of a new employee handbook, which included a link to a phishing page meant to steal an employee’s name and email credentials.

French-language BEC Attack Impersonates Executive Requesting Assistance in a Corporate Acquisition

This French-language BEC attack impersonated a company executive using a free webmail account created with a lookalike username to request assistance making a payment that was supposedly part of a corporate acquisition.

BEC Attack Impersonates a CEO Using a Combination of a Spoofed Email Address and Reply-to Address with a Mirrored Username

This BEC attack impersonated a company CEO using a combination of a spoofed email address and an account hosted on a malicious domain created with a username matching the CEO’s to request a fraudulent payment.

Extortion Attack Impersonates French Law Enforcement and Europol

This extortion attack impersonated French law enforcement and Europol to attempt to coerce a target into contacting a secondary email address using threats of arrest and media exposure.

BEC Attack Impersonates Distribution Supplier and Offers Discount as an Incentive for Quick Payment

This BEC attack impersonated an external distribution partner using a compromised account and encrypted email service to inquire about outstanding payments, update payment account information, and offer a discount as a quick payment incentive.

Italian-language BEC Attack Attempts to Divert Executive's Paycheck

This Italian-language BEC attack impersonated a company executive to request an update to their payroll account information that would divert future paychecks to a fraudulent account.

Response-based Phishing Attack Impersonates CFO to Compromise Australian myGov Credentials

This attack impersonated a company CFO using a pretext of employee rewards and recognition to solicit a response leading to a request for Australian myGov credentials.

Credential Phishing Attack Poses as an Automated Aging Report Notification

This payload-based attack posed as an aging report being shared by an automated internal system that contained an HTML attachment leading to a credential phishing page.

Blind Third Party Attack Impersonates Eurocontrol to Solicit Fraudulent Payment

This BEC attack impersonated Eurocontrol using a spoofed email address and a lookalike domain to pressure a target into sending a fraudulent payment for a supposed overdue payment.

Debt Collection Extortion Attack Threatens Legal Action

This extortion attack impersonated a debt collection company to try and pressure the recipient into sending a fraudulent payment to fulfill an outstanding debt by threatening legal action.

Impersonated CFO Requests Monero as a Payment for Debts Owed to a Creditor

This BEC attack impersonated a company CFO to request a payment to be made using Monero to fulfill supposed debts owed to a creditor.

Holiday-Themed BEC Attack Impersonates Executive Using Fake Email Thread to Request Overdue Payment to Third-Party Vendor

This holiday-themed BEC attack impersonated a company executive using a maliciously-registered domain to request a supposedly outstanding payment be made to a third-party vendor referenced in a fake email thread.

Multi-Stage Credential Phishing Attack Uses Office365-themed PDF Attachment and Legitimate Adobe Hosting Infrastructure

This payload-based attack contained a Office365-themed PDF attachment with an embedded link to a legitimate Adobe page, which included another link to a final credential phishing page.

Vendor Impersonation BEC Attack Uses Modified Legitimate Invoice to Solicit Fraudulent Payment

This BEC attack impersonated a third-party vendor to request a fraudulent payment using modified legitimate invoice and a look-alike domain that was very similar to the vendor’s legitimate domain.

Spanish-language BEC Attack Solicits Million Dollar Payment Using an Acquisition Theme

This Spanish-language BEC attack impersonating a company executive used the pretext of an acquisition of a foreign company and the introduction of a second persona to attempt to coerce an employee into sending a nearly $1 million payment.


Attack Type

Impersonated Party

Impersonated Brand

Attack Goal

Attack Vector

Attack Tactic

Attack Theme

Attack Language

See How Abnormal Stops Emerging Attacks

Get a Demo