Search the repository of unique attacks observed by the Abnormal Intelligence team.
Phishing Attack Mimics Microsoft Teams Alert to Steal Sensitive Information

Cybercriminals use a spoofed address to send a fake message notification designed to trick recipients into revealing private information.

Spoofed DHL Email with Malicious QR Code Targets Recipients in Likely AI-Generated Credential Theft Attempt

Attackers impersonate DHL and email a PDF attachment containing a malicious QR code linked to a phishing page.

Spoofed Capital One Email Uses Account Freeze Alert to Steal Credentials

Phishing attack exploits urgency and trust to deceive recipients into revealing sensitive information.

Fake Shopify Deactivation Notice Exploits Telegram to Harvest Sensitive Information in Likely AI-Generated Attack

Cybercriminals impersonate Shopify to mislead recipients into engaging with a fraudulent Telegram support account.

Attacker Impersonates Australia Post Using Spoofed Address and Sends Bogus Delivery Alert to Attempt Credential Theft

Utilizing a spoofed sender address that closely resembles a legitimate email address, a threat actor hopes to trick targets into divulging private information.

DHL Impersonator Uses Spoofed Email and Microsoft CAPTCHA to Trick Targets in Phishing Attack

Threat actors hope to deceive recipients into revealing sensitive information by leveraging mimicked branding and spoofed versions of familiar security mechanisms.

Cybercriminals Send Bogus Microsoft Email System Update Alert in Likely AI-Generated Phishing Attack

Threat actors impersonate Microsoft and use a fake notification regarding a critical error to deceive targets into revealing sensitive information.

Phishers Pose as Amazon and Use Fraudulent Payment Alert to Steal Sensitive Information

Attackers impersonate Amazon and claim there is an issue with the target’s Prime account in hopes of deceiving them into revealing private data.

Netflix Impersonator Attempts Credential Theft in Likely AI-Generated Phishing Attack

Utilizing a look-alike domain and mimicked branding, threat actors hope to deceive targets into revealing sensitive information.

Attacker Impersonates Instagram and Uses Fake Verified Badge Notification to Steal Credentials

Cybercriminals mimic Instagram and Meta branding in a malicious email and spoofed login portal in this phishing attack.

Threat Actors Exploit Docusign to Share Link to Spoofed Microsoft Login and Steal Credentials

An attacker uses Docusign to share a document containing a malicious link hidden behind a Cloudflare Turnstile.

Attackers Weaponize Zoom Docs to Phish Targets Using Fake Microsoft Portal

A threat actor exploits Zoom Docs to deliver a file with a malicious link that utilizes a Cloudflare Turnstile before redirecting to a phishing page.

Fake Quickbooks Suspension Email Aims to Steal Account Information in Likely AI-Generated Phishing Attack

Using a spoofed email, threat actors impersonate Quickbooks and attempt to manipulate targets into revealing sensitive information.

Virgin Media Impersonator Sends Fake Security Update to Steal Login Credentials

Threat actors exploit an iCloud address to attempt credential theft via a malicious login portal featuring mimicked branding.

Phishing Attack Impersonates MetaMask with Fake KYC Verification Request

Cybercriminals exploit urgency and KYC compliance to trick recipients into revealing sensitive cryptocurrency wallet information.

Threat Actor Poses as Newrez and Uses Spoofed Email to Send Fake Loan Payoff Request in Phishing Attack

Cybercriminals impersonate a mortgage lender and use a fake notification of a new message to trick recipients into disclosing sensitive information.

Phishing Attack Mimics Capital One Password Reset Notification to Steal Login Credentials

Cybercriminals exploit the fear of an unauthorized password reset to deceive recipients into revealing sensitive information.

TD Bank Impersonator Uses Fake Contact Information Verification Request in Phishing Attack

Cybercriminals use a spoofed email and impersonated branding to pose as TD Bank and attempt to trick recipients into revealing sensitive information.

Phishing Attack Uses Compromised Account to Send Text-Free Email with Link to PDF Hosted on SharePoint

Threat actor sends fraudulent notification of online fax containing purchase order for review to compel target to view PDF containing phishing link.

Cybercriminals Impersonate Santander Bank with Fake Identity Verification in Credential Theft Attempt

A threat actor sends a fraudulent unauthorized transaction alert to trick targets into providing sensitive information.

Phishing Attack Disguised as Timesheet Update from HR Attempts to Steal Personal Data

Threat actors impersonate the target’s internal HR department to deceive recipients into revealing confidential information.

Threat Actors Use Fake Bank of America Security Alert to Attempt Credential Theft

Cybercriminals use bogus security notifications to exploit fear of account issues and harvest sensitive information.

monday.com Impersonator Sends Fake HR Update in Likely-AI Generated Phishing Attack

Cybercriminals use a fraudulent employee code of conduct update to manipulate recipients into revealing private details.

Threat Actors Impersonate Squarespace with Fake Account Suspension Notification Designed to Steal Sensitive Information

Cybercriminals use a fraudulent email about a payment failure impacting domain renewal to steal sensitive information from unsuspecting recipients.

DHL Impersonator Leverages Spoofed Email and Mimicked Branding in Credential Theft Attempt

Cybercriminals use a fraudulent delivery interruption notice to trick recipients into visiting a malicious website and disclosing private details.

Phishing Attack Impersonates Apple with Fake "Apple ID Locked" Notification to Steal Sensitive Information

Threat actors use the fear of losing access to a critical account to trick recipients into revealing personal details.

Cybercriminals Pose as Capital One and Incorporate Official Branding in Fake Refund Notification

Attackers exploit the fear of delayed access to funds to trick recipients into disclosing sensitive account information.

Threat Actors Impersonate Zoom and Use Fake Branded Login Page and CAPTCHA to Steal Credentials

Cybercriminals exploit the familiarity of Zoom invitations to trick recipients into revealing sensitive information.

Disney+ Impersonator Uses Security Update as Ruse to Steal Payment Information

A cybercriminal claims regulatory changes have restricted the target’s Disney+ account access and urges them to update payment details using the provided link.

Phisher Impersonates RingCentral and Sends Fake Voicemail Notification to Steal Credentials

Cybercriminals use a free Japanese hosting service to send fake voicemail alerts, aiming to steal sensitive login details.

Cybercriminals Impersonate Apple to Trick Recipients Into Providing Sensitive Information

Using a spoofed email address, a threat actor claims the target is at risk of losing access to Apple Pay to convince them to visit a phishing site.

Phisher Convincingly Impersonates Adobe Acrobat Sign to Steal Login Credentials

Cybercriminals exploit the urgency of a signature request to trick recipients into visiting a phishing site under the guise of reviewing a confidentiality agreement.

Phishing Attack Exploits Eventbrite Branding to Steal Sensitive Information via Malicious Domain

Cybercriminals impersonate Eventbrite in an urgent email to deceive recipients into verifying account details through a phishing link.

Threat Actors Impersonate OpenSea with Fake Item Sale Notification to Steal Sensitive Information

Cybercriminals exploit the excitement of a successful NFT transaction to trick recipients into visiting a phishing site.

Phishing Attack Impersonates Organ Transplant Organization Employee to Deliver Fake Voicemail

Cybercriminals use compromised email accounts to trick recipients into visiting a phishing site under the guise of a missed voicemail notification

Attackers Convincingly Impersonate UPS and Use Fake Shipment Notification to Steal Payment Details

Threat actors attempt to deceive targets into providing credit card information under the pretense of fixing a problem with a pending shipment.

Attacker Uses Compromised Email and Legitimate File-Hosting Service in Phishing Attempt

Cybercriminals impersonate a vendor and exploit document sharing to deceive recipients and access confidential data.

Attacker Poses as HR Manager and Attempts Credential Theft via Branded Phishing Page

Using a spoofed email address, the threat actor sends a fake notification regarding employee benefits to compel the target to click on a phishing link.

Attackers Use Compromised Email and Multiple Verification Tests to Disguise Phishing Attempt

Cybercriminals exploit a compromised email address and use a fake document notification to lure recipients into revealing sensitive information.

Likely AI-Generated Phishing Attack Exploits Compromised Email to Impersonate New York State Department of Taxation

Cybercriminals manufacture a sense of urgency with a fake tax violation notice to trick recipients into disclosing sensitive information.

DHL Impersonator Sends Fraudulent Failed Delivery Notification Containing Malicious QR Code

An attacker claims a pending delivery is awaiting address confirmation to deceive the target into visiting a phishing site.

Attacker Sends Bogus Fax Notification Using Spoofed Email to Attempt Credential Theft

Cybercriminals impersonate an internal communication system to trick recipients into visiting a phishing site disguised as a Microsoft Outlook portal.

Cybercriminals Use Look-Alike Domain to Impersonate NFT Marketplace OpenSea and Steal Sensitive Information

Threat actors exploit the appeal of an exclusive financial offer to deceive recipients into compromising their security.

Phisher Impersonates Booking.com to Steal Sensitive Information via Fake Customer Complaint Email

Cybercriminals exploit the trusted name of Booking.com to deceive recipients into entering personal details into a fraudulent login page.

Phisher Impersonates Regions Bank and Sends Fraudulent Account Verification Request in Likely AI-Generated Attack

Cybercriminals create a sense of urgency with a spoofed Regions Bank email, tricking recipients into divulging personal details through a phishing site.

Phishing Attack Exploits Compromised Email to Impersonate Amazon and Steal Sensitive Information

Cybercriminals attempt to manipulate recipients into updating payment details on a fraudulent website by posing as Amazon.

Cybercriminals Pose as Capital One Using a Spoofed Email in Credential Phishing Attack

A threat actor sends a fraudulent account alert linked to a phishing website to deceive recipients into revealing confidential information.

Phishing Attack Impersonates myGov Using Spoofed Email to Steal Sensitive Information

Attackers exploit the urgency of government notifications to deceive recipients into providing personal details through a fake myGov email.

Apple Pay Impersonator Spoofs Legitimate Domain to Steal Login Credentials in Likely AI-Generated Attack

Attackers exploit the urgency of unauthorized activity alerts to deceive recipients into providing sensitive information.

American Express Impersonator Uses URL Shortener and Spoofed Email Address in Phishing Attack

Attackers exploit the urgency of credit issues to deceive recipients into providing personal details through a spoofed American Express email.

Attacker Impersonates Chicago Title Insurance Company Using Compromised Email to Steal Sensitive Information

Threat actor sends fraudulent file-sharing notification linked to cleverly disguised phishing website to deceive recipients into revealing confidential information.

Amazon Impersonator Uses Potentially Compromised Email to Steal Login Credentials in Likely AI-Generated Phishing Attack

Attackers use a spoofed email address and exploit the urgency of security issues with an Amazon account to deceive the recipient into providing sensitive information.

Threat Actor Uses Spoofed Email Address and Malicious QR Code to Attempt Credential Theft

An attacker impersonates an internal HR department to manipulate employees into scanning a malicious QR code under the guise of viewing benefits information.

Phishing Attack Impersonates Dashlane Using Lookalike Domain to Steal Sensitive Information

Attackers exploit the urgency of account verification to deceive recipients into disclosing personal data through a spoofed Dashlane email.

Threat Actors Impersonate IRS and ID.me in Sophisticated Phishing Attempt

Using a spoofed email and a convincing phishing site, attackers attempt to steal sensitive information under the guise of identity verification.

DHL Impersonator Uses Spoofed Email to Trick Recipients into Paying Fraudulent Fees

Attackers exploit the urgency of parcel delivery issues to steal payment details via a spoofed DHL email.

Phisher Impersonates Roundcube and Uses Deceptive Gmail Address to Attempt Credential Theft

An attacker creates a sense of urgency by threatening email discontinuation and prompts the recipient to enter account information into a phishing page mimicking a legitimate login portal.

Phishing Attack Impersonates Wells Fargo Using Newly-Registered Domain to Steal Sensitive Information

Attackers use a malicious email and fraudulent website to exploit the urgency of account security and deceive recipients.

Threat Actor Impersonates Spotify and Attempts to Steal Payment Details in Likely AI-Generated Phishing Attack

Attackers use a spoofed email to exploit the trust of Spotify users and direct them to a phishing site under the guise of updating payment information.

PayPal Impersonator Sends Fraudulent Account Notification Using Spoofed Email Address to Steal Account Credentials

An attacker poses as PayPal and attempts to exploit the fear of account compromise to compel targets to log into a fake website.

Threat Actor Impersonates Bankrupt Cryptocurrency Exchange FTX Trading Ltd. in Likely AI-Generated Phishing Attack

Attackers exploit the demise of FTX Trading Ltd. to deceive recipients into divulging sensitive information through a fraudulent withdrawal scheme.

Phisher Expertly Impersonates DHL Branding in Likely AI-Generated Attack

Using a fraudulent notification regarding a delivery issue, an attacker hopes to compel a target to divulge sensitive information.

Phishing Attack Impersonates Bendigo and Adelaide Bank to Harvest Personal Information

Attackers exploit a compromised email account to deceive recipients with an urgent account verification request.

Phisher Impersonates SiriusXM and Sends Fake Cancellation Notice to Harvest Credit Card Details

By posing as SiriusXM and offering a free 90-day subscription extension, an attacker hopes to convince the target to provide their credit card information.

Threat Actor Masquerades as Amazon Web Services Offering $300 Credit in Phishing Attack

An attacker attempts to steal sensitive information by impersonating AWS and encouraging the target to click a phishing link disguised as an application for an account credit.

UPS Impersonator Convincingly Incorporates Branding in Credential Theft Attempt

An attacker uses a fake failed delivery notification and invitation to sign up for UPS My Choice to compel a target to divulge sensitive information.

Likely AI-Generated Phishing Attack Spoofs Craigslist to Steal Payment Information

A cybercriminal impersonates Craigslist and sends a likely AI-generated email regarding a payment failure to convince the target to provide payment details.

Likely AI-Generated Phishing Attack Uses Compromised Email Account to Impersonate Australia and New Zealand Banking Group

Attackers use an AI-generated email to exploit the trust of a known brand and direct recipients to a phishing site under the guise of enhancing account security.

Phishing Attack Impersonates PT Federal International Finance to Steal Bitcoin Wallet Credentials

Attackers attempt to deceive the recipient with a fake Bitcoin funding notification, leading to credential theft via a fraudulent website.

Threat Actor Impersonates IRS and Manufactures Urgency in Likely AI-Generated Phishing Attack

An attacker poses as the IRS and claims there's an issue with the target's tax return to deceive them into revealing private information.

Meta Impersonator Exploits Legitimate Domain in Fake Account Deletion Notification to Steal Credentials

In this likely AI-generated attack, a threat actor poses as a Meta representative and uses a link hosted on a legitimate domain as the first step in a phishing attempt.

Threat Actor Convincingly Impersonates FedEx in Likely AI-Generated Credential Phishing Attack

An attacker incorporates FedEx branding into a fake notification of a pending package to trick a target into providing sensitive information.

Attacker Impersonates HR and Sends Bogus Employee Assessment Notification in Phishing Attempt

Using a spoofed email address, a threat actor poses as the target company's HR team and manufactures a sense of urgency to manipulate the recipient into visiting a phishing page.

Threat Actor Compromises Faculty Email to Phish University VIP in Likely AI-Generated Attack

After compromising a legitimate email account, an attacker attempts credential theft by inviting a target to apply for an employee benefits program.

Threat Actor Uses Compromised Email to Target Internal Employees in Credential Phishing Attempt

After compromising an email address, an attacker sends a fake document notification to fellow employees linked to a fake Microsoft login page hosted by Webflow designed to steal credentials.

School District Administrative Assistant Impersonator Compromises Email to Attempt Credential Theft

After compromising a vendor’s email address, an attacker crafts a fake document notification linked to a fake Microsoft login page hosted by Webflow designed to steal credentials.

Multi-Step Credential Phishing and Malware Attack Utilizes Canva and Fake Microsoft Login Page

After compromising a legitimate email account, an attacker uses Canva to host a malicious redirect link before impersonating Microsoft to gain access to a target’s environment and install Malware.

Attacker Compromises Attorney’s Account and Creates Spoofed SharePoint Landing Page in Credential Theft Attempt

Using the compromised account of a real attorney, an attacker emails the target regarding outstanding invoices with a link to a fake SharePoint landing page.

Microsoft OneDrive Impersonator Spoofs Outlook Email and Creates Fake Login Page in Credential Phishing Attempt

After spoofing one of Microsoft’s real no-reply emails, an attacker sends an identical imitation of a OneDrive notification regarding recently deleted files, urging the target to take action.

Attacker Impersonates Cryptocurrency Service in Likely AI-Generated, Multi-Step Credential Theft Attempt

An attacker impersonates payment solutions provider Wirex using a convincing account verification email and branded phishing page to steal login credentials.

Likely AI-Generated Coinbase Impersonator Creates Fake Landing Page in Multi-Step Credential Phishing Attack

By mimicking Coinbase’s branding in both the email and landing page, an attacker attempts to create a sense of urgency around suspicious account activity and prompt immediate action from the target.

Attacker Exploits Google Sites and Uses Compromised Vendor Account to Spoof Docusign in Phishing Attempt

Leveraging a compromised external vendor account, an attacker sends a fake Docusign notification linked to a Google Sites page containing a phishing link to steal sensitive information.

DocuSign Impersonator Sends Bogus Tax-Related Email to Lure Target to Credential Phishing Website

By posing as a trusted brand and manufacturing a sense of urgency, an attacker hopes to deceive a target into providing sensitive information.

Attacker Compromises Vendor Account and Uses Confluence Page to Attempt Credential Theft

A threat actor masks a phishing link to a fake Microsoft login page in a Confluence notification sent from a compromised vendor account.

Threat Actor Poses as Vendor and Sends Fake QuickBooks Notification to Attempt Credential Theft

A threat actor fabricates a QuickBooks notification and sends a target a phishing link, purportedly to a password-protected overdue invoice.

Threat Actor Compromises Account of Construction Project Manager and Uses Content-Sharing Platform to Send Fake RFP

An attacker attempts to trick a target into revealing sensitive information by using a compromised email account and a legitimate content-sharing platform.

Attacker Impersonates Company Admin in Clever Credential Phishing Attempt 

A threat actor uses a fake message delivery failure notification and fabricated authentication processes to try to convince a target to reveal sensitive information.

Credential Phisher Uses Legitimate Email Marketing Platform to Send Fake Voicemail Alert

After compromising a Constant Contact account, the attacker impersonates a law firm and sends a fake voicemail notification to attempt credential theft.

Threat Actor Poses as Microsoft and Leverages Open Redirect in Clever Credential Phishing Attack

After registering a legitimate Microsoft-based email account, an attacker sends a fake Microsoft voicemail notification to deceive a target into entering sensitive information.

Attacker Uses Compromised Email to Send Fake Microsoft OneDrive Notification in Credential Phishing Attack

A threat actor exploits the reputation of an established domain to send an email with an embedded image of a fabricated file-sharing notification linked to a phishing page.

Microsoft Impersonator Uses Malicious QR Code in Credential Phishing Attack

An attacker emails a fake password expiration notification with a malicious QR code linked to a phishing site.

PayPal Impersonator Uses Spoofed Email Hosted on Legitimate Domain to Attempt Credential Theft

An attacker mimics PayPal branding and uses an Outlook address with a spoofed sender name to compel a target to click a malicious link.

Vendor Impersonation Attack Utilizes Salesforce Link in Attempt to Steal Sensitive Information

After compromising a vendor’s domain, an attacker attempts to compel a target to click a phishing link disguised as a shared document.

Microsoft Impersonator Spoofs Voicemail Service and Uses QR Code in Attempted Credential Theft

By crafting an email that resembles a voicemail notification from Microsoft, an attacker hopes the target will scan a malicious QR code that leads to a credential phishing website.

Adobe Acrobat Sign Impersonator Sends Fake Document Notification Linked to Branded Office 365 Phishing Page

An attacker attempts to steal sensitive information using a fraudulent electronic signature request for a nonexistent NDA.

Attacker Uses Spoofed Domain to Send Fake Voicemail Notification Linked to Phishing Page

An attacker mimics a voice messaging service to lure a target to enter login credentials on a counterfeit landing page.

Threat Actor Sends Fake DocuSign Notification of Payroll and Benefits Update in QR Code Phishing Attack

An attacker attempts credential theft via a PDF attachment with DocuSign branding containing a QR code linked to a phishing site impersonating a Microsoft login page.

IRS Impersonator Sends Fake eFax Notification Regarding Tax Documents to Attempt Credential Theft

An attacker capitalizes on the inherent urgency of tax season and attempts to trick a target into clicking a malicious JPG to view purported tax documents.

Capital One Impersonator Creates Authentic-Looking Landing Page in Credential Phishing Attempt

Using a legitimate sending domain as a mask and a spoofed display name, an attacker pretends to be from Capital One’s customer service team to steal login credentials.

Vendor Impersonator Uses Cleverly-Designed Fake Microsoft Excel Spreadsheet to Attempt Credential Theft

After spoofing a legitimate domain, an attacker uses a fake password-protected financial document to steal sensitive information.

Threat Actor Impersonates Santander Consumer Bank in Credential Phishing Attack

An attacker poses as a bank representative and creates a sense of urgency regarding the target’s credit card to compel them to click an embedded phishing link.

PayPal Impersonator Uses Social Engineering and Masked Phishing Link to Attempt Credential Theft

A phisher uses a spoofed domain to send a malicious email that incorporates PayPal's branding and creates a sense of urgency around potential account closure.

Vendor Impersonator Uses Fake Invoice Notification In Credential Theft Attempt

By compromising a legitimate domain, an attacker hopes to entice the target to a credential phishing website where sensitive information like payment details can be stolen.

Phisher Impersonates Amazon and Reports Issue with Prime Membership to Prompt Target to Share Sensitive Information

Threat actor attempts to fraudulently obtain credentials and/or payment details using Amazon-branded PDF containing an embedded phishing link.

DHL Impersonator Spoofs Legitimate Domain to Send Fake Failed Shipment Notification in Phishing Attack

An attacker attempts to steal sensitive information by encouraging the recipient to use a masked phishing link to update their shipping address for a pending delivery.

Threat Actor Spoofs Legitimate Domain in Dual Credential Phishing Attack and Fake Billing Scam

An attacker attempts to steal login credentials and also reroute payments by sharing a fraudulent invoice behind a fake Adobe Acrobat login screen.

HR Impersonator Provides Fake Payroll Update in Credential Theft Attempt

By creating a sense of urgency and using official-sounding language, an attacker attempts to compel the target to click a phishing link purportedly related to payroll updates.

NDM Hospitality Impersonator Hijacks Email Thread in Convincing Credential Phishing Attack

An attacker compromises a vendor account and sends the target a fake Microsoft SharePoint link purportedly to a time-sensitive service agreement.

University HR Admin Impersonator Uses QR Code and Fake Microsoft Login Page in Credential Theft Attempt

Using official-sounding language, university branding, and a believable premise, an attacker attempts to steal sensitive information.

Attacker Compromises Legitimate Account and Embeds Phishing Link in Fake QuickBooks Payment Notification

Using a compromised email address, the threat actor sends a purposefully vague payment confirmation with an embedded phishing link.

Threat Actor Exploits Dynamics 365 Customer Voice in Phishing Attack Targeting Executive at Global Insurance Distributor

An attacker compromises an external account and embeds a phishing link in a Microsoft survey tool disguised as a document-sharing notification.

OpenSea Impersonator Creates Fake Landing Page in Sophisticated Credential Phishing Attack

After compromising a known domain, the attacker creates a fake landing page that mimics OpenSea’s official website and leverages social engineering to create a sense of urgency and persuade the target to take action.

Cleverly Designed Credential Phishing Attempt Impersonates Microsoft and Utilizes Authentic-Looking Fake Landing Page

Using a real domain as a mask, an attacker sends an image attachment with a QR code to entice the target to follow the link to reauthenticate MFA on a fake landing page.

Credential Phisher Utilizes Look-alike Domain and Fake Microsoft SharePoint Landing Page to Steal Sensitive Information

An attacker gets engagement from the target after discussing an RFQ and uses Microsoft survey forms to create a spoofed SharePoint link to appear legitimate.

Attacker Exploits Trusted Brands and Impersonates Financial Services Provider to Attempt Credential Phishing

In this credential phishing attack, the threat actor sends a fake invoice payment confirmation with a phishing link obscured using a URL shortener.

AT&T Mail Impersonator Uses Google Slides to Mask Link to Phishing Site Disguised as Login Page

A threat actor sends an account expiration notification with a link to a Google Slides presentation containing an embedded phishing link.

Attacker Compromises Account to Send Malicious Link to Fake Microsoft Login Page Designed to Steal Sensitive Information

After compromising a pro-manchester email account, a threat actor uses Monograph to host a malicious link that sends the target to a fake Microsoft login page.

Canada Post Impersonator Uses Japanese Domain in Credential Theft Attempt

A threat actor spoofs a Japanese domain and impersonates Canada Post to prompt targets to click on a credential phishing link.

Attacker Compromises New Jersey Department of Health Email Account and Sends Fake Document with Masked Phishing Link

After compromising the account, an attacker creates a fake document purporting to be a faxed invoice that includes a masked phishing link.

Chase Bank Impersonator Utilizes Google Drive to Send Masked Phishing Link Embedded in PDF Attachment

By creating a sense of urgency around unauthorized account activity and using a display name that includes "Chase Bank," the attacker aims to compel the recipient to take action.

PayPal Impersonator Uses PandaDoc to Send Fake Document in Credential Theft Attempt

An attacker claims to be from PayPal investigating a fraudulent transaction and requests sensitive information from the target to complete a verification process.

Trust Wallet Impersonator Combines Email Spoofing and Social Engineering in Credential Phishing Attack

An attacker attempts credential theft by impersonating Trust Wallet and sending a phishing link disguised as an account verification page.

Multi-Layer Instagram Impersonator Creates Several Fake Landing Pages in Sophisticated Credential Phishing Attempt

An attacker informs the target about copyright infringement and provides a fake form and login page to steal login credentials.

HR Impersonator Spoofs Healthcare Advisory Company to Attempt Credential Theft

Using a “two-bridge[.]com” domain as a mask, an attacker sends a credential phishing email disguised as an HR department update regarding approval of a new company handbook.

UPS Impersonator Uses Compromised Account in Credential Phishing Attempt

After compromising a legitimate domain, an attacker impersonates UPS and asks the recipient to verify shipping information via a phishing link.

Attacker Uses Adobe Acrobat’s File Sharing System in Cleverly Designed Credential Theft Attempt

After compromising the email account of a Vanguard Cleaning Systems employee, an attacker creates a legitimate-looking PDF with a masked phishing link to steal credentials.

MetaMask Impersonator Disguises Credential Phishing Attack as Know Your Customer (KYC) Verification

Using a legitimate Turkish domain, an attacker attempts credential theft by applying social engineering to convince a target their cryptocurrency wallet is at risk of suspension.

Amazon Customer Service Impersonator Uses Masked Phishing Link in Credential Phishing Attack

An attacker pretends to be from Amazon customer service and informs the recipient that their account is locked because of suspicious account activity.

Chatham Financial Impersonator Utilizes Masked Phishing Link in Fake Billing Scam

After compromising a domain, an attacker creates a fake Microsoft SharePoint attachment viewer in an attempt to steal money and sensitive information.

Sophisticated Credential Theft Attempt Features a Compromised Domain and Fake Landing Page

After compromising a legitimate domain, an attacker creates a fake landing page and impersonates an internal IT admin to attempt credential theft.

Multi-Layered Credential Phishing Attempt Features a Compromised Domain and a Masked Phishing Link

After compromising a Titan Worldwide domain, an attacker pastes previous conversations and a masked phishing link into an email in an attempt to steal sensitive information.

Likely AI-Generated Credential Phishing Attack Features Impersonation of Medicare Australia

An attacker pretends to be from Medicare Australia and informs the recipient that their Medicare services have been suspended due to insufficient contact information.

National Health Service Spoofer Compromises Domain and Sends Masked Phishing Link in PNG Attachment

An attacker uses a legitimate NHS domain and Microsoft SharePoint to trick a recipient into clicking on a masked phishing link and exposing sensitive information.

Bank of America Impersonator Utilizes Google Drive to Send Masked Phishing Link Embedded in PDF Attachment

By creating a sense of urgency around unauthorized account access and using a sending domain that includes "Bank of America," the attacker aims to compel the recipient to take action.

Attacker Utilizes DocuSign to Send Masked Phishing Link Embedded in a PNG Attachment

By using a legitimate document-sending service, the attacker is counting on the recipient to engage with the attachment and expose sensitive information.

U.S. Department of Agriculture Impersonator Attempts Credential Theft Via QR Code in PDF Attachment

An attacker attempts credential theft by spoofing the USDA with an official-sounding message and a PDF attachment containing a QR code that leads to a phishing site.

Spotify Spoofer Attempts Credential Theft with Fake Login Page

An attacker pretends to be from Spotify’s customer support, inquiring about updating payment details, and creates a legitimate-looking fake Spotify login page where sensitive information can be stolen.

Clever Credential Phishing Attempt Features Fake Microsoft Office 365 Password Change Link

An attacker embeds a malicious link into an image file that looks like a Microsoft Office 365 password change alert and includes official-sounding written disclosures to increase credibility.

Credential Phisher Impersonates Internal Company Admin to Steal Sensitive Information

Using a real domain from the company as a mask, an attacker informs the recipient of blocked emails and provides links to help resolve the issue.

Coinbase Impersonator Attempts Credential Theft by Claiming Account Restriction

Hiding the actual sending domain behind a display name of "Coinbase," an attacker spoofs Coinbase's customer support to steal sensitive information.

Robinhood Impersonator Attempts Credential Theft With Fake Withdrawal Notification

By leveraging a domain similar to official Robinhood communications, an attacker attempts to steal sensitive information by creating a sense of urgency.

Sophisticated Attacker Impersonates a Company Admin and Utilizes Microsoft-Branded QR Code in Attempted Credential Phishing

An attacker creates a fake Microsoft-branded QR code and landing page to compel the recipient to enter sensitive information.

Vacation Planner Impersonator Attempts Credential Phishing with Compromised Account

An attacker gains control of a vacation resort’s customer service email address and attempts to steal sensitive information after informing the recipient of a refund.

Apple Impersonator Creates Fake Landing Page in Credential Phishing Attempt

An attacker cleverly designs a fake landing page that mimics Apple’s legitimate website to entice the recipient to input sensitive information.

TSB Bank Impersonator Uses Look-alike Domain in Likely AI-Generated Credential Phishing Attack

An attacker utilizes an unregistered look-alike domain as a mask to impersonate TSB Bank and steal sensitive information.

Netflix Impersonator Likely Utilizes Generative AI in Credential Phishing Attack

An attacker takes control of a legitimate domain to impersonate Netflix customer support in a credential theft attempt.

Attacker Takes Over Established Domain in Likely AI-Generated Credential Phishing

An attacker breaks into an 21-year-old email account and links to a malicious IPFS gateway to steal sensitive information.

Amazon Spoofer Attempts Credential Phishing with Look-alike Domain

Using friendly language and a hidden malicious link, an attacker impersonates Amazon to steal sensitive information.

Sophisticated USPS Impersonator Attempts Credential Theft in Multi-Layered Attack

An attacker likely uses generative AI to create a fake automated USPS message about incorrect address information, including links to a fake USPS landing page.

Investment Opportunity Spoofer Offers Financial Services in Likely AI-Generated Scam

An attacker offers business financing options and promises commission for all successful referrals using a spoofed address.

Freight Company Impersonated in Likely AI-Generated Credential Theft Attempt

An attacker utilizes a close resemblance freight company DAT One's domain in a credential theft attempt.

Australian Government Spoofer Promises Tax Refund in Likely AI-Generated Credential Theft

An attacker pretends to be from the “Australian Taxation Office” to steal the victim’s login credentials by promising a tax refund.

Debt Collector Spoofer Attempts Credential Theft

An AI-generated attack impersonates a debt collector and creates a sense of urgency to attempt to steal personal information.

Likely AI-Generated Attack Attempts Credential Phishing

An attacker uses a generative AI tool to spoof an insurance company, hoping to steal login credentials.

AI-Generated Credential Theft Attempted via Internal Company Impersonation

By leveraging urgency, an attacker sends an internal company communication in an attempt to steal credentials.

Kraken Exchange Spoofer Attempts to Steal Login Information

An attacker impersonates a popular cryptocurrency exchange and creates a fake website to steal login credentials.

Attacker Impersonates Apple to Request Billing Details

Using a cleverly disguised no-reply domain, an attacker poses as Apple customer support in an attempt to get billing details and other sensitive information.

Ivy League Health Director Compromised in Monkeypox Scare Spoof

By leveraging a recent public health crisis and targeting universities, the attacker hopes to elicit immediate action and steal email credentials.

Attempted Payment Fraud Using Lookalike Domain and Real Invoices Targets Manufacturing Company

Attackers pose as existing vendors and use lookalike domain and real invoices in attempt to fraudulently update payment information.

Phishing Attack Disguised as Notification Informing VP Storage Capacity Limit Exceeded

Attackers disguise phishing email to VP at financial institution as notification that full storage capacity has been reached and emails will no longer be delivered.

Fake Email Account Deactivation Notice with Phishing Link Targeting Online Retailer

Attackers pose as the internal support team at an online retailer and claim the recipient's email account has been queued for deactivation in an attempt to steal credentials or install malware.

Brand Impersonation Phishing Attack Targets VIP Using Fake Zoom Meeting Invite

This phishing attack leverages brand impersonation in an attempt to trick a VIP into clicking on a phishing link disguised as a Zoom meeting invite.

Phishing Attack Impersonates Real Estate Agent Sending Fake Document Notification to Lawyer

This phishing attack impersonated a real estate agent using dotloop, a real estate transaction management software, to trick the recipient into visiting a phishing website.

Credential Phishing Attack Poses as a Secure Message Shared by the IRS

This link-based attack impersonated the IRS using the pretext of sharing a secure ShareFile message that led to a phishing site designed to steal email credentials.

Phishing Attack Impersonating FedEx Steal Personal and Financial Data Using Captcha Protection and MFA Bypass

This phishing attack impersonated FedEx using a fake shipping notification pretext to direct a recipient to a captcha-protected phishing page created to steal personal and financial information using MFA bypass tactics.

Phishing Attack Uses Pretext of Shared Tax Documents to Steal Employee Credentials

This link-based attack incorporated a fake file attachment posing as shared tax documents that led to a phishing page meant to steal email credentials across multiple email providers.

Email Poses as an Incoming ACH Payment with HTML Attachment Leading to Branded Credential Phishing Page

This payload-based attack posed as a fake incoming ACH payment masked as an automated email from an internal company system, which contained an HTML attachment that led to a branded phishing page intended to steal the recipient’s credentials.

Phishing Attack Steals Credentials by Imitating HR Request to Review New Employee Handbook

This link-based attack imitated a company human resources email that announced the release of a new employee handbook, which included a link to a phishing page meant to steal an employee’s name and email credentials.

Payload Credential Phishing Attack Poses as an HR Announcement About New Employee Benefits

This payload-based phishing attack posed as an announcement from the company human resources team about updates to the company’s employee benefits package and requested the recipient review a supposed updated handbook, which actually opened a phishing page to steal account credentials.

Response-based Phishing Attack Impersonates CFO to Compromise Australian myGov Credentials

This attack impersonated a company CFO using a pretext of employee rewards and recognition to solicit a response leading to a request for Australian myGov credentials.

Credential Phishing Attack Poses as an Automated Aging Report Notification

This payload-based attack posed as an aging report being shared by an automated internal system that contained an HTML attachment leading to a credential phishing page.

Multi-Stage Credential Phishing Attack Uses Office365-themed PDF Attachment and Legitimate Adobe Hosting Infrastructure

This payload-based attack contained a Office365-themed PDF attachment with an embedded link to a legitimate Adobe page, which included another link to a final credential phishing page.

Credential Phishing Attack Poses as a Security Update to Enable End-to-End Encryption

This link-based credential phishing attack disguised itself as a security update to add end-to-end encryption on all employee devices.

Attack Impersonating Compromised Third-Party to Share Document Leads to OneDrive Phishing Page

This link-based attack exploited the compromised account of an external third-party to make it appear that a vendor was sharing a link to a document about new dues, when the link actually led to a OneDrive phishing page to steal credentials.

Credential Phishing Attack Masquerades as an Employee Training Invoice

This payload-based credential phishing email employed bypass tactics, including a hidden sender address and obfuscated text, to pose as an invoice for employee training.

Credential Phishing Attack Poses as a Location-based Security Alert

This payload-based credential phishing attack sent from a self-addressed spoofed email address posed as a security alert, indicating the user’s data had been accessed from a suspicious location and an HTML attachment needed to be reviewed or else their account would be locked.

Employee Sales Award-themed Credential Phishing Attack Impersonates Square

This link-based phishing attack impersonating Square used a pretext of an employee sales award to compromise account credentials.

Payload Credential Phishing Attack Incorporates a Tax Refund Theme

This payload-based attack was sent to a company executive using a tax refund theme as a pretext to get them to open an HTML file attached to a blank email, which led to a company-branded credential phishing page.

Executive Targeted in Attack Posing as Fake Financial Documents Distributed via SharePoint

This payload-based credential phishing attack targeted an executive with an email posing as financial documents shared via SharePoint and used foreign character substitution to bypass detection.

Executive Targeted in a Self-Addressed Escrow-Themed Credential Phishing Attack

This payload-based credential phishing attack sent from a self-addressed spoofed email account targeted an executive posing as a real estate document.

DocuSign Phishing Email Uses Fake Payroll and Retirement Worksheet to Steal Credentials

This payload-based credential phishing attack impersonated DocuSign and requested that recipients review employee payroll and retirement documents contained in an attached HTML file.

Credential Phishing Attack Poses as Executive’s Bonus Document

This payload-based credential phishing attack targeted an executive posing as an attached document needing review before receiving a company bonus.

Microsoft Password Expiration Pretext Used in Credential Phishing Attack

This phishing attack impersonates Microsoft using a password expiration theme to steal credentials via a malicious link.

Australian Tax Office Impersonated in Funds Transfer-themed Phishing Attack

This attack impersonates the Australian Taxation Office with a payment transfer theme and asks the recipient to validate their identity by leading them to a phishing page contained within an HTML attachment.

Wells Fargo Home Mortgage Payoff Quote Contains Credential Phishing Attachment

This attack impersonates Wells Fargo using a spoofed email address and a home mortgage payoff theme to steal credentials via an HTML attachment.

Blank Self-Addressed Spoofed Email Leads to Convincing Credential Phish

A spoofed email impersonates a settlement release in order to trick recipients into opening a phishing attachment.

Credential Phishing Email Tricks Employees Using Company HR Policy Changes

Attackers impersonate the human resources team to inform employees of salary increases, luring them to follow phishing links.

Adobe Acrobat Secure Fax Link Leads to Dropbox-Hosted Phishing Website

An attacker email containing an image of an Adobe Acrobat fax link leads to a phishing website hosted on Dropbox infrastructure.

Employee Benefits Eligibility Lure Used to Phish for Email Credentials

Attackers impersonate the HR department to deliver an updated Employee Benefits Eligibility Policy as part of a credential phishing attack.

DHL Fake Shipping Notification Used in HTML Credential Phishing Attack

Attackers impersonate DHL and ask the recipient to check their shipping documents, hidden behind a fake Microsoft 365 credential phishing page.

Paid Invoice Notification Used for Credential Phishing Attack

Attackers use an external compromised vendor account and a receipt confirmation to trick recipients into providing their Microsoft 365 credentials.

Fake Encrypted Secure Message Spoofed in Credential Phishing Attack

Attackers send what appears to be an encrypted message, similar to what you might receive from your bank, to trick recipients into providing Microsoft 365 login information.

Payroll Impersonation Designed to Elicit Quick User Response in Credential Phishing Attack

Attackers impersonate an encrypted Microsoft email focused on paystub registration to steal Microsoft 365 credentials.

DocuSign Brand Impersonation Leads to Credential Phishing Attacks

Attackers use well-known document management service DocuSign to trick users into providing Outlook login credentials.

Office 365 Image Evades Text Analysis in Credential Phishing Attack

Attackers rendered an Office 365 email as a single image file with an accompanying credential phishing link wrapping the image.

Salary Increase Update Sent to Steal Employee Credentials

Attackers impersonate the company payroll department to send a wage update that takes users to a OneDrive phishing page and steals Microsoft 365 credentials.

Filters

Attack Type

Impersonated Party

Impersonated Brand

Attack Goal

Attack Vector

Attack Tactic

Attack Theme

Attack Language

AI-Generated

See How Abnormal Stops Emerging Attacks

See a Demo