Attack Library
Threat Actor Exploits BlockFi Shutdown to Steal User Credentials in Likely AI-Generated Phishing Attack
Cybercriminals impersonate BlockFi, preying on former customers with bogus notifications regarding potential fund withdrawals.
Fake Stripe Chargeback Alert Exploits PandaDoc to Steal Business Credentials
Attackers impersonate Stripe and exploit trusted document-sharing services to deceive business owners into revealing sensitive information.
Spoofed American Express Security Alert Exploits Urgency to Steal Credentials
Phishers send a bogus fraudulent activity notification to trick recipients into revealing sensitive information.
American Express Impersonator Uses Verification Request to Steal Data in Likely AI-Generated Phishing Attack
Cybercriminals pose as American Express and attempt to deceive recipients into providing sensitive information.
Etsy Impersonators Use Policy Violation Alert to Attempt Sensitive Data Theft in Likely AI-Generated Attack
Threat actors pose as Etsy and claim the target’s account has been suspended to deceive them into providing private information.
Fake Netflix Billing Alert Exploits Urgency to Steal User Information
Phishing attack uses a lookalike domain to impersonate Netflix and harvest login credentials and payment details.
Phishing Attack Mimics Microsoft Teams Alert to Steal Sensitive Information
Cybercriminals use a spoofed address to send a fake message notification designed to trick recipients into revealing private information.
Spoofed DHL Email with Malicious QR Code Targets Recipients in Likely AI-Generated Credential Theft Attempt
Attackers impersonate DHL and email a PDF attachment containing a malicious QR code linked to a phishing page.
Spoofed Capital One Email Uses Account Freeze Alert to Steal Credentials
Phishing attack exploits urgency and trust to deceive recipients into revealing sensitive information.
Fake Shopify Deactivation Notice Exploits Telegram to Harvest Sensitive Information in Likely AI-Generated Attack
Cybercriminals impersonate Shopify to mislead recipients into engaging with a fraudulent Telegram support account.
Attacker Impersonates Australia Post Using Spoofed Address and Sends Bogus Delivery Alert to Attempt Credential Theft
Utilizing a spoofed sender address that closely resembles a legitimate email address, a threat actor hopes to trick targets into divulging private information.
DHL Impersonator Uses Spoofed Email and Microsoft CAPTCHA to Trick Targets in Phishing Attack
Threat actors hope to deceive recipients into revealing sensitive information by leveraging mimicked branding and spoofed versions of familiar security mechanisms.
Cybercriminals Send Bogus Microsoft Email System Update Alert in Likely AI-Generated Phishing Attack
Threat actors impersonate Microsoft and use a fake notification regarding a critical error to deceive targets into revealing sensitive information.
Phishers Pose as Amazon and Use Fraudulent Payment Alert to Steal Sensitive Information
Attackers impersonate Amazon and claim there is an issue with the target’s Prime account in hopes of deceiving them into revealing private data.
Netflix Impersonator Attempts Credential Theft in Likely AI-Generated Phishing Attack
Utilizing a look-alike domain and mimicked branding, threat actors hope to deceive targets into revealing sensitive information.
Attacker Impersonates Instagram and Uses Fake Verified Badge Notification to Steal Credentials
Cybercriminals mimic Instagram and Meta branding in a malicious email and spoofed login portal in this phishing attack.
Threat Actors Exploit Docusign to Share Link to Spoofed Microsoft Login and Steal Credentials
An attacker uses Docusign to share a document containing a malicious link hidden behind a Cloudflare Turnstile.
Attackers Weaponize Zoom Docs to Phish Targets Using Fake Microsoft Portal
A threat actor exploits Zoom Docs to deliver a file with a malicious link that utilizes a Cloudflare Turnstile before redirecting to a phishing page.
Fake QuickBooks Suspension Email Aims to Steal Account Information in Likely AI-Generated Phishing Attack
Using a spoofed email, threat actors impersonate QuickBooks and attempt to manipulate targets into revealing sensitive information.
Virgin Media Impersonator Sends Fake Security Update to Steal Login Credentials
Threat actors exploit an iCloud address to attempt credential theft via a malicious login portal featuring mimicked branding.
Phishing Attack Impersonates MetaMask with Fake KYC Verification Request
Cybercriminals exploit urgency and KYC compliance to trick recipients into revealing sensitive cryptocurrency wallet information.
Threat Actor Poses as Newrez and Uses Spoofed Email to Send Fake Loan Payoff Request in Phishing Attack
Cybercriminals impersonate a mortgage lender and use a fake notification of a new message to trick recipients into disclosing sensitive information.
Phishing Attack Mimics Capital One Password Reset Notification to Steal Login Credentials
Cybercriminals exploit the fear of an unauthorized password reset to deceive recipients into revealing sensitive information.
TD Bank Impersonator Uses Fake Contact Information Verification Request in Phishing Attack
Cybercriminals use a spoofed email and impersonated branding to pose as TD Bank and attempt to trick recipients into revealing sensitive information.
Phishing Attack Uses Compromised Account to Send Text-Free Email with Link to PDF Hosted on SharePoint
Threat actor sends fraudulent notification of online fax containing purchase order for review to compel target to view PDF containing phishing link.
Cybercriminals Impersonate Santander Bank with Fake Identity Verification in Credential Theft Attempt
A threat actor sends a fraudulent unauthorized transaction alert to trick targets into providing sensitive information.
Phishing Attack Disguised as Timesheet Update from HR Attempts to Steal Personal Data
Threat actors impersonate the target’s internal HR department to deceive recipients into revealing confidential information.
Threat Actors Use Fake Bank of America Security Alert to Attempt Credential Theft
Cybercriminals use bogus security notifications to exploit fear of account issues and harvest sensitive information.
monday.com Impersonator Sends Fake HR Update in Likely AI-Generated Phishing Attack
Cybercriminals use a fraudulent employee code of conduct update to manipulate recipients into revealing private details.
Threat Actors Impersonate Squarespace with Fake Account Suspension Notification Designed to Steal Sensitive Information
Cybercriminals use a fraudulent email about a payment failure impacting domain renewal to steal sensitive information from unsuspecting recipients.
DHL Impersonator Leverages Spoofed Email and Mimicked Branding in Credential Theft Attempt
Cybercriminals use a fraudulent delivery interruption notice to trick recipients into visiting a malicious website and disclosing private details.
Phishing Attack Impersonates Apple with Fake "Apple ID Locked" Notification to Steal Sensitive Information
Threat actors use the fear of losing access to a critical account to trick recipients into revealing personal details.
Cybercriminals Pose as Capital One and Incorporate Official Branding in Fake Refund Notification
Attackers exploit the fear of delayed access to funds to trick recipients into disclosing sensitive account information.
Threat Actors Impersonate Zoom and Use Fake Branded Login Page and CAPTCHA to Steal Credentials
Cybercriminals exploit the familiarity of Zoom invitations to trick recipients into revealing sensitive information.
Disney+ Impersonator Uses Security Update as Ruse to Steal Payment Information
A cybercriminal claims regulatory changes have restricted the target’s Disney+ account access and urges them to update payment details using the provided link.
Phisher Impersonates RingCentral and Sends Fake Voicemail Notification to Steal Credentials
Cybercriminals use a free Japanese hosting service to send fake voicemail alerts, aiming to steal sensitive login details.
Cybercriminals Impersonate Apple to Trick Recipients Into Providing Sensitive Information
Using a spoofed email address, a threat actor claims the target is at risk of losing access to Apple Pay to convince them to visit a phishing site.
Phisher Convincingly Impersonates Adobe Acrobat Sign to Steal Login Credentials
Cybercriminals exploit the urgency of a signature request to trick recipients into visiting a phishing site under the guise of reviewing a confidentiality agreement.
Phishing Attack Exploits Eventbrite Branding to Steal Sensitive Information via Malicious Domain
Cybercriminals impersonate Eventbrite in an urgent email to deceive recipients into verifying account details through a phishing link.
Threat Actors Impersonate OpenSea with Fake Item Sale Notification to Steal Sensitive Information
Cybercriminals exploit the excitement of a successful NFT transaction to trick recipients into visiting a phishing site.
Phishing Attack Impersonates Organ Transplant Organization Employee to Deliver Fake Voicemail
Cybercriminals use compromised email accounts to trick recipients into visiting a phishing site under the guise of a missed voicemail notification.
Attackers Convincingly Impersonate UPS and Use Fake Shipment Notification to Steal Payment Details
Threat actors attempt to deceive targets into providing credit card information under the pretense of fixing a problem with a pending shipment.
Attacker Uses Compromised Email and Legitimate File-Hosting Service in Phishing Attempt
Cybercriminals impersonate a vendor and exploit document sharing to deceive recipients and access confidential data.
Attacker Poses as HR Manager and Attempts Credential Theft via Branded Phishing Page
Using a spoofed email address, the threat actor sends a fake notification regarding employee benefits to compel the target to click on a phishing link.
Attackers Use Compromised Email and Multiple Verification Tests to Disguise Phishing Attempt
Cybercriminals exploit a compromised email address and use a fake document notification to lure recipients into revealing sensitive information.
Likely AI-Generated Phishing Attack Exploits Compromised Email to Impersonate New York State Department of Taxation
Cybercriminals manufacture a sense of urgency with a fake tax violation notice to trick recipients into disclosing sensitive information.
DHL Impersonator Sends Fraudulent Failed Delivery Notification Containing Malicious QR Code
An attacker claims a pending delivery is awaiting address confirmation to deceive the target into visiting a phishing site.
Attacker Sends Bogus Fax Notification Using Spoofed Email to Attempt Credential Theft
Cybercriminals impersonate an internal communication system to trick recipients into visiting a phishing site disguised as a Microsoft Outlook portal.
Cybercriminals Use Look-Alike Domain to Impersonate NFT Marketplace OpenSea and Steal Sensitive Information
Threat actors exploit the appeal of an exclusive financial offer to deceive recipients into compromising their security.
Phisher Impersonates Booking.com to Steal Sensitive Information via Fake Customer Complaint Email
Cybercriminals exploit the trusted name of Booking.com to deceive recipients into entering personal details into a fraudulent login page.
Phisher Impersonates Regions Bank and Sends Fraudulent Account Verification Request in Likely AI-Generated Attack
Cybercriminals create a sense of urgency with a spoofed Regions Bank email, tricking recipients into divulging personal details through a phishing site.
Phishing Attack Exploits Compromised Email to Impersonate Amazon and Steal Sensitive Information
Cybercriminals attempt to manipulate recipients into updating payment details on a fraudulent website by posing as Amazon.
Cybercriminals Pose as Capital One Using a Spoofed Email in Credential Phishing Attack
A threat actor sends a fraudulent account alert linked to a phishing website to deceive recipients into revealing confidential information.
Phishing Attack Impersonates myGov Using Spoofed Email to Steal Sensitive Information
Attackers exploit the urgency of government notifications to deceive recipients into providing personal details through a fake myGov email.
Apple Pay Impersonator Spoofs Legitimate Domain to Steal Login Credentials in Likely AI-Generated Attack
Attackers exploit the urgency of unauthorized activity alerts to deceive recipients into providing sensitive information.
American Express Impersonator Uses URL Shortener and Spoofed Email Address in Phishing Attack
Attackers exploit the urgency of credit issues to deceive recipients into providing personal details through a spoofed American Express email.
Attacker Impersonates Chicago Title Insurance Company Using Compromised Email to Steal Sensitive Information
Threat actor sends fraudulent file-sharing notification linked to cleverly disguised phishing website to deceive recipients into revealing confidential information.
Amazon Impersonator Uses Potentially Compromised Email to Steal Login Credentials in Likely AI-Generated Phishing Attack
Attackers use a spoofed email address and exploit the urgency of security issues with an Amazon account to deceive the recipient into providing sensitive information.
Threat Actor Uses Spoofed Email Address and Malicious QR Code to Attempt Credential Theft
An attacker impersonates an internal HR department to manipulate employees into scanning a malicious QR code under the guise of viewing benefits information.
Phishing Attack Impersonates Dashlane Using Lookalike Domain to Steal Sensitive Information
Attackers exploit the urgency of account verification to deceive recipients into disclosing personal data through a spoofed Dashlane email.
Threat Actors Impersonate IRS and ID.me in Sophisticated Phishing Attempt
Using a spoofed email and a convincing phishing site, attackers attempt to steal sensitive information under the guise of identity verification.
DHL Impersonator Uses Spoofed Email to Trick Recipients into Paying Fraudulent Fees
Attackers exploit the urgency of parcel delivery issues to steal payment details via a spoofed DHL email.
Phisher Impersonates Roundcube and Uses Deceptive Gmail Address to Attempt Credential Theft
An attacker creates a sense of urgency by threatening email discontinuation and prompts the recipient to enter account information into a phishing page mimicking a legitimate login portal.
Phishing Attack Impersonates Wells Fargo Using Newly-Registered Domain to Steal Sensitive Information
Attackers use a malicious email and fraudulent website to exploit the urgency of account security and deceive recipients.
Threat Actor Impersonates Spotify and Attempts to Steal Payment Details in Likely AI-Generated Phishing Attack
Attackers use a spoofed email to exploit the trust of Spotify users and direct them to a phishing site under the guise of updating payment information.
PayPal Impersonator Sends Fraudulent Account Notification Using Spoofed Email Address to Steal Account Credentials
An attacker poses as PayPal and attempts to exploit the fear of account compromise to compel targets to log into a fake website.
Threat Actor Impersonates Bankrupt Cryptocurrency Exchange FTX Trading Ltd. in Likely AI-Generated Phishing Attack
Attackers exploit the demise of FTX Trading Ltd. to deceive recipients into divulging sensitive information through a fraudulent withdrawal scheme.
Phisher Expertly Impersonates DHL Branding in Likely AI-Generated Attack
Using a fraudulent notification regarding a delivery issue, an attacker hopes to compel a target to divulge sensitive information.
Phishing Attack Impersonates Bendigo and Adelaide Bank to Harvest Personal Information
Attackers exploit a compromised email account to deceive recipients with an urgent account verification request.
Phisher Impersonates SiriusXM and Sends Fake Cancellation Notice to Harvest Credit Card Details
By posing as SiriusXM and offering a free 90-day subscription extension, an attacker hopes to convince the target to provide their credit card information.
Threat Actor Masquerades as Amazon Web Services Offering $300 Credit in Phishing Attack
An attacker attempts to steal sensitive information by impersonating AWS and encouraging the target to click a phishing link disguised as an application for an account credit.
UPS Impersonator Convincingly Incorporates Branding in Credential Theft Attempt
An attacker uses a fake failed delivery notification and invitation to sign up for UPS My Choice to compel a target to divulge sensitive information.
Likely AI-Generated Phishing Attack Spoofs Craigslist to Steal Payment Information
A cybercriminal impersonates Craigslist and sends a likely AI-generated email regarding a payment failure to convince the target to provide payment details.
Likely AI-Generated Phishing Attack Uses Compromised Email Account to Impersonate Australia and New Zealand Banking Group
Attackers use an AI-generated email to exploit the trust of a known brand and direct recipients to a phishing site under the guise of enhancing account security.
Phishing Attack Impersonates PT Federal International Finance to Steal Bitcoin Wallet Credentials
Attackers attempt to deceive the recipient with a fake Bitcoin funding notification, leading to credential theft via a fraudulent website.
Threat Actor Impersonates IRS and Manufactures Urgency in Likely AI-Generated Phishing Attack
An attacker poses as the IRS and claims there's an issue with the target's tax return to deceive them into revealing private information.
Meta Impersonator Exploits Legitimate Domain in Fake Account Deletion Notification to Steal Credentials
In this likely AI-generated attack, a threat actor poses as a Meta representative and uses a link hosted on a legitimate domain as the first step in a phishing attempt.
Threat Actor Convincingly Impersonates FedEx in Likely AI-Generated Credential Phishing Attack
An attacker incorporates FedEx branding into a fake notification of a pending package to trick a target into providing sensitive information.
Attacker Impersonates HR and Sends Bogus Employee Assessment Notification in Phishing Attempt
Using a spoofed email address, a threat actor poses as the target company's HR team and manufactures a sense of urgency to manipulate the recipient into visiting a phishing page.
Threat Actor Compromises Faculty Email to Phish University VIP in Likely AI-Generated Attack
After compromising a legitimate email account, an attacker attempts credential theft by inviting a target to apply for an employee benefits program.
Threat Actor Uses Compromised Email to Target Internal Employees in Credential Phishing Attempt
After compromising an email address, an attacker sends a fake document notification to fellow employees linked to a fake Microsoft login page hosted by Webflow designed to steal credentials.
School District Administrative Assistant Impersonator Compromises Email to Attempt Credential Theft
After compromising a vendor’s email address, an attacker crafts a fake document notification linked to a fake Microsoft login page hosted by Webflow designed to steal credentials.
Multi-Step Credential Phishing and Malware Attack Utilizes Canva and Fake Microsoft Login Page
After compromising a legitimate email account, an attacker uses Canva to host a malicious redirect link before impersonating Microsoft to gain access to a target’s environment and install malware.
Attacker Compromises Attorney’s Account and Creates Spoofed SharePoint Landing Page in Credential Theft Attempt
Using the compromised account of a real attorney, an attacker emails the target regarding outstanding invoices with a link to a fake SharePoint landing page.
Microsoft OneDrive Impersonator Spoofs Outlook Email and Creates Fake Login Page in Credential Phishing Attempt
After spoofing one of Microsoft’s real no-reply emails, an attacker sends an identical imitation of a OneDrive notification regarding recently deleted files, urging the target to take action.
Attacker Impersonates Cryptocurrency Service in Likely AI-Generated, Multi-Step Credential Theft Attempt
An attacker impersonates payment solutions provider Wirex using a convincing account verification email and branded phishing page to steal login credentials.
Likely AI-Generated Coinbase Impersonator Creates Fake Landing Page in Multi-Step Credential Phishing Attack
By mimicking Coinbase’s branding in both the email and landing page, an attacker attempts to create a sense of urgency around suspicious account activity and prompt immediate action from the target.
Attacker Exploits Google Sites and Uses Compromised Vendor Account to Spoof Docusign in Phishing Attempt
Leveraging a compromised external vendor account, an attacker sends a fake Docusign notification linked to a Google Sites page containing a phishing link to steal sensitive information.
DocuSign Impersonator Sends Bogus Tax-Related Email to Lure Target to Credential Phishing Website
By posing as a trusted brand and manufacturing a sense of urgency, an attacker hopes to deceive a target into providing sensitive information.
Attacker Compromises Vendor Account and Uses Confluence Page to Attempt Credential Theft
A threat actor masks a phishing link to a fake Microsoft login page in a Confluence notification sent from a compromised vendor account.
Threat Actor Poses as Vendor and Sends Fake QuickBooks Notification to Attempt Credential Theft
A threat actor fabricates a QuickBooks notification and sends a target a phishing link, purportedly to a password-protected overdue invoice.
Threat Actor Compromises Account of Construction Project Manager and Uses Content-Sharing Platform to Send Fake RFP
An attacker attempts to trick a target into revealing sensitive information by using a compromised email account and a legitimate content-sharing platform.
Attacker Impersonates Company Admin in Clever Credential Phishing Attempt
A threat actor uses a fake message delivery failure notification and fabricated authentication processes to try to convince a target to reveal sensitive information.
Credential Phisher Uses Legitimate Email Marketing Platform to Send Fake Voicemail Alert
After compromising a Constant Contact account, the attacker impersonates a law firm and sends a fake voicemail notification to attempt credential theft.
Threat Actor Poses as Microsoft and Leverages Open Redirect in Clever Credential Phishing Attack
After registering a legitimate Microsoft-based email account, an attacker sends a fake Microsoft voicemail notification to deceive a target into entering sensitive information.
Attacker Uses Compromised Email to Send Fake Microsoft OneDrive Notification in Credential Phishing Attack
A threat actor exploits the reputation of an established domain to send an email with an embedded image of a fabricated file-sharing notification linked to a phishing page.
Microsoft Impersonator Uses Malicious QR Code in Credential Phishing Attack
An attacker emails a fake password expiration notification with a malicious QR code linked to a phishing site.
PayPal Impersonator Uses Spoofed Email Hosted on Legitimate Domain to Attempt Credential Theft
An attacker mimics PayPal branding and uses an Outlook address with a spoofed sender name to compel a target to click a malicious link.
Vendor Impersonation Attack Utilizes Salesforce Link in Attempt to Steal Sensitive Information
After compromising a vendor’s domain, an attacker attempts to compel a target to click a phishing link disguised as a shared document.
Microsoft Impersonator Spoofs Voicemail Service and Uses QR Code in Attempted Credential Theft
By crafting an email that resembles a voicemail notification from Microsoft, an attacker hopes the target will scan a malicious QR code that leads to a credential phishing website.
Adobe Acrobat Sign Impersonator Sends Fake Document Notification Linked to Branded Office 365 Phishing Page
An attacker attempts to steal sensitive information using a fraudulent electronic signature request for a nonexistent NDA.
Attacker Uses Spoofed Domain to Send Fake Voicemail Notification Linked to Phishing Page
An attacker mimics a voice messaging service to lure a target to enter login credentials on a counterfeit landing page.
Threat Actor Sends Fake DocuSign Notification of Payroll and Benefits Update in QR Code Phishing Attack
An attacker attempts credential theft via a PDF attachment with DocuSign branding containing a QR code linked to a phishing site impersonating a Microsoft login page.
IRS Impersonator Sends Fake eFax Notification Regarding Tax Documents to Attempt Credential Theft
An attacker capitalizes on the inherent urgency of tax season and attempts to trick a target into clicking a malicious JPG to view purported tax documents.
Capital One Impersonator Creates Authentic-Looking Landing Page in Credential Phishing Attempt
Using a legitimate sending domain as a mask and a spoofed display name, an attacker pretends to be from Capital One’s customer service team to steal login credentials.
Vendor Impersonator Uses Cleverly-Designed Fake Microsoft Excel Spreadsheet to Attempt Credential Theft
After spoofing a legitimate domain, an attacker uses a fake password-protected financial document to steal sensitive information.
Threat Actor Impersonates Santander Consumer Bank in Credential Phishing Attack
An attacker poses as a bank representative and creates a sense of urgency regarding the target’s credit card to compel them to click an embedded phishing link.
PayPal Impersonator Uses Social Engineering and Masked Phishing Link to Attempt Credential Theft
A phisher uses a spoofed domain to send a malicious email that incorporates PayPal's branding and creates a sense of urgency around potential account closure.
Vendor Impersonator Uses Fake Invoice Notification in Credential Theft Attempt
By compromising a legitimate domain, an attacker hopes to entice the target to a credential phishing website where sensitive information like payment details can be stolen.
Phisher Impersonates Amazon and Reports Issue with Prime Membership to Prompt Target to Share Sensitive Information
Threat actor attempts to fraudulently obtain credentials and/or payment details using Amazon-branded PDF containing an embedded phishing link.
DHL Impersonator Spoofs Legitimate Domain to Send Fake Failed Shipment Notification in Phishing Attack
An attacker attempts to steal sensitive information by encouraging the recipient to use a masked phishing link to update their shipping address for a pending delivery.
Threat Actor Spoofs Legitimate Domain in Dual Credential Phishing Attack and Fake Billing Scam
An attacker attempts to steal login credentials and also reroute payments by sharing a fraudulent invoice behind a fake Adobe Acrobat login screen.
HR Impersonator Provides Fake Payroll Update in Credential Theft Attempt
By creating a sense of urgency and using official-sounding language, an attacker attempts to compel the target to click a phishing link purportedly related to payroll updates.
NDM Hospitality Impersonator Hijacks Email Thread in Convincing Credential Phishing Attack
An attacker compromises a vendor account and sends the target a fake Microsoft SharePoint link purportedly to a time-sensitive service agreement.
University HR Admin Impersonator Uses QR Code and Fake Microsoft Login Page in Credential Theft Attempt
Using official-sounding language, university branding, and a believable premise, an attacker attempts to steal sensitive information.
Attacker Compromises Legitimate Account and Embeds Phishing Link in Fake QuickBooks Payment Notification
Using a compromised email address, the threat actor sends a purposefully vague payment confirmation with an embedded phishing link.
Threat Actor Exploits Dynamics 365 Customer Voice in Phishing Attack Targeting Executive at Global Insurance Distributor
An attacker compromises an external account and embeds a phishing link in a Microsoft survey tool disguised as a document-sharing notification.
OpenSea Impersonator Creates Fake Landing Page in Sophisticated Credential Phishing Attack
After compromising a known domain, the attacker creates a fake landing page that mimics OpenSea’s official website and leverages social engineering to create a sense of urgency and persuade the target to take action.
Cleverly Designed Credential Phishing Attempt Impersonates Microsoft and Utilizes Authentic-Looking Fake Landing Page
Using a real domain as a mask, an attacker sends an image attachment with a QR code to entice the target to follow the link to reauthenticate MFA on a fake landing page.
Credential Phisher Utilizes Look-alike Domain and Fake Microsoft SharePoint Landing Page to Steal Sensitive Information
An attacker gets engagement from the target after discussing an RFQ and uses Microsoft survey forms to create a spoofed SharePoint link to appear legitimate.
Attacker Exploits Trusted Brands and Impersonates Financial Services Provider to Attempt Credential Phishing
In this credential phishing attack, the threat actor sends a fake invoice payment confirmation with a phishing link obscured using a URL shortener.
AT&T Mail Impersonator Uses Google Slides to Mask Link to Phishing Site Disguised as Login Page
A threat actor sends an account expiration notification with a link to a Google Slides presentation containing an embedded phishing link.
Attacker Compromises Account to Send Malicious Link to Fake Microsoft Login Page Designed to Steal Sensitive Information
After compromising a pro-manchester email account, a threat actor uses Monograph to host a malicious link that sends the target to a fake Microsoft login page.
Canada Post Impersonator Uses Japanese Domain in Credential Theft Attempt
A threat actor spoofs a Japanese domain and impersonates Canada Post to prompt targets to click on a credential phishing link.
Attacker Compromises New Jersey Department of Health Email Account and Sends Fake Document with Masked Phishing Link
After compromising the account, an attacker creates a fake document purporting to be a faxed invoice that includes a masked phishing link.
Chase Bank Impersonator Utilizes Google Drive to Send Masked Phishing Link Embedded in PDF Attachment
By creating a sense of urgency around unauthorized account activity and using a display name that includes "Chase Bank," the attacker aims to compel the recipient to take action.
PayPal Impersonator Uses PandaDoc to Send Fake Document in Credential Theft Attempt
An attacker claims to be from PayPal investigating a fraudulent transaction and requests sensitive information from the target to complete a verification process.
Trust Wallet Impersonator Combines Email Spoofing and Social Engineering in Credential Phishing Attack
An attacker attempts credential theft by impersonating Trust Wallet and sending a phishing link disguised as an account verification page.
Multi-Layer Instagram Impersonator Creates Several Fake Landing Pages in Sophisticated Credential Phishing Attempt
An attacker informs the target about copyright infringement and provides a fake form and login page to steal login credentials.
HR Impersonator Spoofs Healthcare Advisory Company to Attempt Credential Theft
Using a “two-bridge[.]com” domain as a mask, an attacker sends a credential phishing email disguised as an HR department update regarding approval of a new company handbook.
UPS Impersonator Uses Compromised Account in Credential Phishing Attempt
After compromising a legitimate domain, an attacker impersonates UPS and asks the recipient to verify shipping information via a phishing link.
Attacker Uses Adobe Acrobat’s File Sharing System in Cleverly Designed Credential Theft Attempt
After compromising the email account of a Vanguard Cleaning Systems employee, an attacker creates a legitimate-looking PDF with a masked phishing link to steal credentials.
MetaMask Impersonator Disguises Credential Phishing Attack as Know Your Customer (KYC) Verification
Using a legitimate Turkish domain, an attacker attempts credential theft by applying social engineering to convince a target their cryptocurrency wallet is at risk of suspension.
Amazon Customer Service Impersonator Uses Masked Phishing Link in Credential Phishing Attack
An attacker pretends to be from Amazon customer service and informs the recipient that their account is locked because of suspicious account activity.
Chatham Financial Impersonator Utilizes Masked Phishing Link in Fake Billing Scam
After compromising a domain, an attacker creates a fake Microsoft SharePoint attachment viewer in an attempt to steal money and sensitive information.
Sophisticated Credential Theft Attempt Features a Compromised Domain and Fake Landing Page
After compromising a legitimate domain, an attacker creates a fake landing page and impersonates an internal IT admin to attempt credential theft.
Multi-Layered Credential Phishing Attempt Features a Compromised Domain and a Masked Phishing Link
After compromising a Titan Worldwide domain, an attacker pastes previous conversations and a masked phishing link into an email in an attempt to steal sensitive information.
Likely AI-Generated Credential Phishing Attack Features Impersonation of Medicare Australia
An attacker pretends to be from Medicare Australia and informs the recipient that their Medicare services have been suspended due to insufficient contact information.
National Health Service Spoofer Compromises Domain and Sends Masked Phishing Link in PNG Attachment
An attacker uses a legitimate NHS domain and Microsoft SharePoint to trick a recipient into clicking on a masked phishing link and exposing sensitive information.
Bank of America Impersonator Utilizes Google Drive to Send Masked Phishing Link Embedded in PDF Attachment
By creating a sense of urgency around unauthorized account access and using a sending domain that includes "Bank of America," the attacker aims to compel the recipient to take action.
Attacker Utilizes DocuSign to Send Masked Phishing Link Embedded in a PNG Attachment
By using a legitimate document-sending service, the attacker is counting on the recipient to engage with the attachment and expose sensitive information.
U.S. Department of Agriculture Impersonator Attempts Credential Theft Via QR Code in PDF Attachment
An attacker attempts credential theft by spoofing the USDA with an official-sounding message and a PDF attachment containing a QR code that leads to a phishing site.
Spotify Spoofer Attempts Credential Theft with Fake Login Page
An attacker pretends to be from Spotify’s customer support, inquiring about updating payment details, and creates a legitimate-looking fake Spotify login page where sensitive information can be stolen.
Clever Credential Phishing Attempt Features Fake Microsoft Office 365 Password Change Link
An attacker embeds a malicious link into an image file that looks like a Microsoft Office 365 password change alert and includes official-sounding written disclosures to increase credibility.
Credential Phisher Impersonates Internal Company Admin to Steal Sensitive Information
Using a real domain from the company as a mask, an attacker informs the recipient of blocked emails and provides links to help resolve the issue.
Coinbase Impersonator Attempts Credential Theft by Claiming Account Restriction
Hiding the actual sending domain behind a display name of "Coinbase," an attacker spoofs Coinbase's customer support to steal sensitive information.
Robinhood Impersonator Attempts Credential Theft With Fake Withdrawal Notification
By leveraging a domain similar to official Robinhood communications, an attacker attempts to steal sensitive information by creating a sense of urgency.
Sophisticated Attacker Impersonates a Company Admin and Utilizes Microsoft-Branded QR Code in Attempted Credential Phishing
An attacker creates a fake Microsoft-branded QR code and landing page to compel the recipient to enter sensitive information.
Vacation Planner Impersonator Attempts Credential Phishing with Compromised Account
An attacker gains control of a vacation resort’s customer service email address and attempts to steal sensitive information after informing the recipient of a refund.
Apple Impersonator Creates Fake Landing Page in Credential Phishing Attempt
An attacker cleverly designs a fake landing page that mimics Apple’s legitimate website to entice the recipient to input sensitive information.
TSB Bank Impersonator Uses Look-alike Domain in Likely AI-Generated Credential Phishing Attack
An attacker utilizes an unregistered look-alike domain as a mask to impersonate TSB Bank and steal sensitive information.
Netflix Impersonator Likely Utilizes Generative AI in Credential Phishing Attack
An attacker takes control of a legitimate domain to impersonate Netflix customer support in a credential theft attempt.
Attacker Takes Over Established Domain in Likely AI-Generated Credential Phishing
An attacker breaks into a 21-year-old email account and links to a malicious IPFS gateway to steal sensitive information.
Amazon Spoofer Attempts Credential Phishing with Look-alike Domain
Using friendly language and a hidden malicious link, an attacker impersonates Amazon to steal sensitive information.
Sophisticated USPS Impersonator Attempts Credential Theft in Multi-Layered Attack
An attacker likely uses generative AI to create a fake automated USPS message about incorrect address information, including links to a fake USPS landing page.
Investment Opportunity Spoofer Offers Financial Services in Likely AI-Generated Scam
An attacker offers business financing options and promises commission for all successful referrals using a spoofed address.
Freight Company Impersonated in Likely AI-Generated Credential Theft Attempt
An attacker utilizes a domain closely resembling that of freight company DAT One in a credential theft attempt.
Australian Government Spoofer Promises Tax Refund in Likely AI-Generated Credential Theft
An attacker pretends to be from the “Australian Taxation Office” to steal the victim’s login credentials by promising a tax refund.
Debt Collector Spoofer Attempts Credential Theft
An AI-generated attack impersonates a debt collector and creates a sense of urgency to attempt to steal personal information.
Likely AI-Generated Attack Attempts Credential Phishing
An attacker uses a generative AI tool to spoof an insurance company, hoping to steal login credentials.
AI-Generated Credential Theft Attempted via Internal Company Impersonation
By leveraging urgency, an attacker sends an internal company communication in an attempt to steal credentials.
Kraken Exchange Spoofer Attempts to Steal Login Information
An attacker impersonates a popular cryptocurrency exchange and creates a fake website to steal login credentials.
Attacker Impersonates Apple to Request Billing Details
Using a cleverly disguised no-reply domain, an attacker poses as Apple customer support in an attempt to get billing details and other sensitive information.
Ivy League Health Director Compromised in Monkeypox Scare Spoof
By leveraging a recent public health crisis and targeting universities, the attacker hopes to elicit immediate action and steal email credentials.
Attempted Payment Fraud Using Lookalike Domain and Real Invoices Targets Manufacturing Company
Attackers pose as existing vendors and use a lookalike domain and real invoices in an attempt to fraudulently update payment information.
Phishing Attack Disguised as Notification Informing VP Storage Capacity Limit Exceeded
Attackers disguise a phishing email to a VP at a financial institution as a notification that full storage capacity has been reached and emails will no longer be delivered.
Fake Email Account Deactivation Notice with Phishing Link Targeting Online Retailer
Attackers pose as the internal support team at an online retailer and claim the recipient's email account has been queued for deactivation in an attempt to steal credentials or install malware.
Brand Impersonation Phishing Attack Targets VIP Using Fake Zoom Meeting Invite
This phishing attack leverages brand impersonation in an attempt to trick a VIP into clicking on a phishing link disguised as a Zoom meeting invite.
Phishing Attack Impersonates Real Estate Agent Sending Fake Document Notification to Lawyer
This phishing attack impersonated a real estate agent using dotloop, a real estate transaction management software, to trick the recipient into visiting a phishing website.
Credential Phishing Attack Poses as a Secure Message Shared by the IRS
This link-based attack impersonated the IRS using the pretext of sharing a secure ShareFile message that led to a phishing site designed to steal email credentials.
Phishing Attack Impersonating FedEx Steals Personal and Financial Data Using Captcha Protection and MFA Bypass
This phishing attack impersonated FedEx using a fake shipping notification pretext to direct a recipient to a captcha-protected phishing page created to steal personal and financial information using MFA bypass tactics.
Phishing Attack Uses Pretext of Shared Tax Documents to Steal Employee Credentials
This link-based attack incorporated a fake file attachment posing as shared tax documents that led to a phishing page meant to steal email credentials across multiple email providers.
Email Poses as an Incoming ACH Payment with HTML Attachment Leading to Branded Credential Phishing Page
This payload-based attack posed as a fake incoming ACH payment masked as an automated email from an internal company system, which contained an HTML attachment that led to a branded phishing page intended to steal the recipient’s credentials.
Phishing Attack Steals Credentials by Imitating HR Request to Review New Employee Handbook
This link-based attack imitated a company human resources email that announced the release of a new employee handbook, which included a link to a phishing page meant to steal an employee’s name and email credentials.
Payload Credential Phishing Attack Poses as an HR Announcement About New Employee Benefits
This payload-based phishing attack posed as an announcement from the company human resources team about updates to the company’s employee benefits package and requested the recipient review a supposed updated handbook, which actually opened a phishing page to steal account credentials.
Response-based Phishing Attack Impersonates CFO to Compromise Australian myGov Credentials
This attack impersonated a company CFO using a pretext of employee rewards and recognition to solicit a response leading to a request for Australian myGov credentials.
Credential Phishing Attack Poses as an Automated Aging Report Notification
This payload-based attack posed as an aging report being shared by an automated internal system that contained an HTML attachment leading to a credential phishing page.
Multi-Stage Credential Phishing Attack Uses Office365-themed PDF Attachment and Legitimate Adobe Hosting Infrastructure
This payload-based attack contained an Office365-themed PDF attachment with an embedded link to a legitimate Adobe page, which included another link to a final credential phishing page.
Credential Phishing Attack Poses as a Security Update to Enable End-to-End Encryption
This link-based credential phishing attack disguised itself as a security update to add end-to-end encryption on all employee devices.
Attack Impersonating Compromised Third-Party to Share Document Leads to OneDrive Phishing Page
This link-based attack exploited the compromised account of an external third-party to make it appear that a vendor was sharing a link to a document about new dues, when the link actually led to a OneDrive phishing page to steal credentials.
Credential Phishing Attack Masquerades as an Employee Training Invoice
This payload-based credential phishing email employed bypass tactics, including a hidden sender address and obfuscated text, to pose as an invoice for employee training.
Credential Phishing Attack Poses as a Location-based Security Alert
This payload-based credential phishing attack sent from a self-addressed spoofed email address posed as a security alert, indicating the user’s data had been accessed from a suspicious location and an HTML attachment needed to be reviewed or else their account would be locked.
Employee Sales Award-themed Credential Phishing Attack Impersonates Square
This link-based phishing attack impersonating Square used a pretext of an employee sales award to compromise account credentials.
Payload Credential Phishing Attack Incorporates a Tax Refund Theme
This payload-based attack was sent to a company executive using a tax refund theme as a pretext to get them to open an HTML file attached to a blank email, which led to a company-branded credential phishing page.
Executive Targeted in Attack Posing as Fake Financial Documents Distributed via SharePoint
This payload-based credential phishing attack targeted an executive with an email posing as financial documents shared via SharePoint and used foreign character substitution to bypass detection.
Executive Targeted in a Self-Addressed Escrow-Themed Credential Phishing Attack
This payload-based credential phishing attack, sent from a self-addressed spoofed email account, posed as a real estate document to target an executive.
DocuSign Phishing Email Uses Fake Payroll and Retirement Worksheet to Steal Credentials
This payload-based credential phishing attack impersonated DocuSign and requested that recipients review employee payroll and retirement documents contained in an attached HTML file.
Credential Phishing Attack Poses as Executive’s Bonus Document
This payload-based credential phishing attack targeted an executive by posing as an attached document needing review before receiving a company bonus.
Microsoft Password Expiration Pretext Used in Credential Phishing Attack
This phishing attack impersonates Microsoft using a password expiration theme to steal credentials via a malicious link.
Australian Tax Office Impersonated in Funds Transfer-themed Phishing Attack
This attack impersonates the Australian Taxation Office with a payment transfer theme and asks the recipient to validate their identity by leading them to a phishing page contained within an HTML attachment.
Wells Fargo Home Mortgage Payoff Quote Contains Credential Phishing Attachment
This attack impersonates Wells Fargo using a spoofed email address and a home mortgage payoff theme to steal credentials via an HTML attachment.
Blank Self-Addressed Spoofed Email Leads to Convincing Credential Phish
A spoofed email impersonates a settlement release in order to trick recipients into opening a phishing attachment.
Credential Phishing Email Tricks Employees Using Company HR Policy Changes
Attackers impersonate the human resources team to inform employees of salary increases, luring them to follow phishing links.
Adobe Acrobat Secure Fax Link Leads to Dropbox-Hosted Phishing Website
An attacker email containing an image of an Adobe Acrobat fax link leads to a phishing website hosted on Dropbox infrastructure.
Employee Benefits Eligibility Lure Used to Phish for Email Credentials
Attackers impersonate the HR department to deliver an updated Employee Benefits Eligibility Policy as part of a credential phishing attack.
DHL Fake Shipping Notification Used in HTML Credential Phishing Attack
Attackers impersonate DHL and ask the recipient to check their shipping documents, hidden behind a fake Microsoft 365 credential phishing page.
Paid Invoice Notification Used for Credential Phishing Attack
Attackers use an external compromised vendor account and a receipt confirmation to trick recipients into providing their Microsoft 365 credentials.
Fake Encrypted Secure Message Spoofed in Credential Phishing Attack
Attackers send what appears to be an encrypted message, similar to what you might receive from your bank, to trick recipients into providing Microsoft 365 login information.
Payroll Impersonation Designed to Elicit Quick User Response in Credential Phishing Attack
Attackers impersonate an encrypted Microsoft email focused on paystub registration to steal Microsoft 365 credentials.
DocuSign Brand Impersonation Leads to Credential Phishing Attacks
Attackers use well-known document management service DocuSign to trick users into providing Outlook login credentials.
Office 365 Image Evades Text Analysis in Credential Phishing Attack
Attackers rendered an Office 365 email as a single image file with an accompanying credential phishing link wrapping the image.
Salary Increase Update Sent to Steal Employee Credentials
Attackers impersonate the company payroll department to send a wage update that takes users to a OneDrive phishing page and steals Microsoft 365 credentials.