Attack Library
Attackers Use Look-alike Domain to Impersonate Real LinkedIn Employee in Invoice Fraud Attack
Cybercriminals manufacture a sense of urgency by using a fraudulent invoice to deceive recipients into transferring funds to an account owned by the attacker.
Threat Actor Hijacks Conversation Using Look-alike Domain in Attempt to Divert $17M Wire Transfer
Posing as a vendor, an attacker inserts themselves into an existing email thread and tries to redirect the payment for a multi-million dollar invoice.
Attacker Attempts to Stealthily Divert $1.4M AUD Using Look-alike Domain and Email Hijacking
By exploiting existing email conversations and using a look-alike domain, a threat actor attempts to compel a target to transfer funds to an account controlled by the attacker.
Attacker Leverages Stealthy Lookalike Domain in Cunning $36 Million Invoice Fraud Attempt
Using a lookalike domain with a .cam suffix instead of .com, an attacker attempts to redirect a massive loan payment to a fraudulent LLC.
PayPal Impersonator Uses Bogus Claim of Pending Refund in Fake Billing Scam
An attacker creates an email designed to imitate communications from PayPal and attempts to coerce a target into sending money as part of a refund scheme.
Threat Actor Impersonates Executive and Uses Fabricated Email Thread to Attempt Payment Fraud
An attacker creates a fake conversation between a vendor and an executive to make it appear that the executive is authorizing an ACH payment for an outstanding invoice.
Attacker Uses Compromised Vendor Account to Hijack Conversation and Attempt Payment Fraud
After breaking into a vendor’s email account, an attacker creates a look-alike domain to send a large invoice and discuss rerouting payments to a new bank account.
Vendor Impersonator Uses Cleverly-Designed Fake Microsoft Excel Spreadsheet to Attempt Credential Theft
After spoofing a legitimate domain, an attacker uses a fake password-protected financial document to steal sensitive information.
Threat Actor Launches Vendor Email Compromise Attack to Reroute Invoice Payments
After breaking into a vendor’s email account, an attacker uses official-sounding language to mimic legitimate communications and attempt payment fraud.
Fake Billing Scam Leverages Look-alike Domain to Send Fraudulent $1,000,000 Invoice
Using a look-alike domain, an attacker impersonates a vendor and sends a remittance request for a fake invoice totaling nearly $1,000,000.
Vendor Impersonator Uses Fake Invoice Notification In Credential Theft Attempt
By compromising a legitimate domain, an attacker hopes to entice the target to a credential phishing website where sensitive information like payment details can be stolen.
Disney+ Impersonator Creates Multi-Stage Vishing and Fake Billing Scam Attack Using Personalized Attachments
An attacker uses a look-alike domain and Disney+ branding to trick a target into calling a fake customer service phone number related to a new Disney+ subscription.
Threat Actor Spoofs Legitimate Domain in Dual Credential Phishing Attack and Fake Billing Scam
An attacker attempts to steal login credentials and also reroute payments by sharing a fraudulent invoice behind a fake Adobe Acrobat login screen.
Attacker Exploits Trusted Brands and Impersonates Financial Services Provider to Attempt Credential Phishing
In this credential phishing attack, the threat actor sends a fake invoice payment confirmation with a phishing link obscured using a URL shortener.
Likely AI-Generated Credential Vishing Attack Features Impersonation of Walmart
An attacker attempts to create a sense of urgency and compel the target to call a fake customer service number by sending a bogus receipt for a recent iPhone purchase.
UPS Impersonator Uses Compromised Account in Credential Phishing Attempt
After compromising a legitimate domain, an attacker impersonates UPS and asks the recipient to verify shipping information via a phishing link.
Attacker Uses Adobe Acrobat’s File Sharing System in Cleverly Designed Credential Theft Attempt
After compromising the email account of a Vanguard Cleaning Systems employee, an attacker creates a legitimate-looking PDF with a masked phishing link to steal credentials.
Chatham Financial Impersonator Utilizes Masked Phishing Link in Fake Billing Scam
After compromising a domain, an attacker creates a fake Microsoft SharePoint attachment viewer in an attempt to steal money and sensitive information.
Salesforce Impersonator Utilizes Look-Alike Domain in Fake Billing Scam
An attacker creates a domain visually similar to Salesforce [.]com, engages the target, and then forwards the thread to another colleague, heightening the chances of a successful scam.
Multi-Layer Payment Fraud Attack Attempts Redirect of $13.5 Million Invoice
After compromising a construction company, an attacker circumvents typical security protocols and creates a look-alike domain in a fake billing scam.
Fake Billing Scam Attempts Payment Fraud for $114,000 with New Banking Details
An attacker impersonates an accountant using a free webmail account to request payment of a $114,000 invoice.
Cosmetics Brand Impersonator Attempts Payment Fraud in Fake Billing Scam
An attacker uses generative AI to attempt payment fraud by impersonating an Australian cosmetics brand.
LinkedIn Spoofer Uses News of Silicon Valley Bank Closure to Attempt Payment Fraud
Attacker impersonates the LinkedIn billing department and references the recent closure of SVB in this likely AI-generated attack.
Compromised Account Used in Attempt to Siphon Nearly $4M Worth of Invoices
An attacker gains access to a compromised account and attempts to redirect large invoices to a new offshore bank.
Lookalike Domain with Single Letter Change Used for $82,000 Invoice Fraud
An attacker changes one letter of a domain to a similar-looking letter in an attempt to redirect a large invoice.
Attacker Posing as Vendor Requests Early Payment of $240,000 Invoice
Using a lookalike domain, an attacker uses conversational language in a fake billing scam.
$45,000 Wire Transfer Fraud Attempt from Compromised Vendor Account
This attack uses a compromised vendor account and cc’s lookalike domains in an attempted wire transfer fraud.
Sophisticated Attacker Targets Employees for $94,000 Fraud Attempt
By employing a look-alike domain name, an attacker attempts to redirect a large invoice totaling nearly $100k.
Attack Spoofs Debt Relief Agency and Impersonates Attorney
This attack features an impersonation of an attorney on behalf of a debt relief agency in an attempt to receive a $1,000 payment.
Fake Billing Scam Poses as a Receipt for a Quickbooks License Upgrade
This fake billing scam posed as a receipt for an upgraded Quickbooks license to get the recipient to reach out via phone and likely coerce them into installing malware.
Fake Billing Scam Poses as a PayPal Receipt for an Expensive Mirror TV to Manipulate Phone Contact
A fake billing scam impersonating PayPal posed as a payment receipt for an expensive bathroom mirror TV that was used as a lure to get a recipient to reach out via phone and likely coerce them to download malware.
Fake PayPal Cryptocurrency Payment Receipt Coerces Victims to Make Contact Via Phone
Fake invoice for a cryptocurrency purchase through PayPal is used to get email recipients to reach out via phone and likely download malware.
Call Center Phone Fraud Uses Fake Norton Invoice to Encourage Malware Installation
Increasingly popular, this phone fraud scam tricks recipients into believing that a payment has been made and encourages them to call a number to fix the problem.