This attack features an impersonation of Apple, claiming there is an issue with the recipient's billing information. The attacker is attempting to steal personal information and credentials by enticing the recipient to click on a link in the email to update their account information. The email provides a link for the recipient to click on and update their account information, which is likely a malicious link attempting to steal personal information or credentials.

Older security tools struggle to detect this type of credential phishing attack since the sender’s domain age is over 20 years old, which is often seen as credible. Legacy tools also struggle to detect the unknown Fully Qualified Domain Name and often do an inadequate link analysis within the body content of the email. In this attack, several links and suspicious URLs are present. Advanced, AI-powered tools provide advanced domain analysis, detection of an unknown FQDN, and advanced link analysis to accurately identify this as an attack.

Status Bar Dots
Apple phishing

How Does This Attack Bypass Email Defenses?

This email attack bypasses traditional security solutions for multiple reasons, including the following:

  • Lack of Domain Age Check: Legacy email security tools often don't check the age of the domain from which an email originates. In this case, the sender's domain age is over 20 years ago, which could be seen as more credible by a legacy tool.
  • Inability to Detect Unknown FQDN and Email Addresses: Legacy tools may not recognize that the FQDN and email address are unknown to the company, lowering the chances of detecting this email as malicious.
  • Inadequate Link Analysis: Legacy email security tools may not fully analyze and assess the links present in the email body. In this case, there are several links and one with a suspicious URL, which a more advanced tool would flag for further investigation.

How Did Abnormal Detect This Attack?

This attack was detected using AI and ML by analyzing various factors, including the following:

  • Advanced Domain Analysis: Abnormal can evaluate the domain age and credibility, increasing the chances of detecting suspicious domains.
  • Detection of Unknown FQDN and Email Addresses: Abnormal’s AI-powered mechanisms can identify when an email originates from an unknown domain or email address, which helps in detecting malicious activity.
  • Advanced Link Analysis: By assessing the links present in the email body,  Abnormal can spot suspicious URLs, such as the one in this attack, raising a red flag for further investigation.

By recognizing established normal behavior and detecting these abnormal indicators, a modern email security solution has the ability to prevent this attack from reaching inboxes.

Please note the exact detection mechanism from Abnormal Security's system might include proprietary techniques and methodologies not disclosed here.

Analysis Overview




Credential Theft


Branded Phishing Page


Account Update

Impersonated Party


Impersonated Brands


See How Abnormal Stops Emerging Attacks

See a Demo