After breaking into a vendor’s email account, an attacker creates a look-alike domain to send a large invoice and discuss rerouting payments to a new bank account.
After spoofing a legitimate domain, an attacker uses a fake password-protected financial document to steal sensitive information.
After breaking into a vendor’s email account, an attacker uses official-sounding language to mimic legitimate communications and attempt payment fraud.
Using a look-alike domain, an attacker impersonates a vendor and sends a remittance request for a fake invoice totaling nearly $1,000,000.
By compromising a legitimate domain, an attacker hopes to entice the target to a credential phishing website where sensitive information like payment details can be stolen.
An attacker uses a look-alike domain and Disney+ branding to trick a target into calling a fake customer service phone number related to a new Disney+ subscription.
An attacker attempts to steal login credentials and also reroute payments by sharing a fraudulent invoice behind a fake Adobe Acrobat login screen.
In this credential phishing attack, the threat actor sends a fake invoice payment confirmation with a phishing link obscured using a URL shortener.
An attacker attempts to create a sense of urgency and compel the target to call a fake customer service number by sending a bogus receipt for a recent iPhone purchase.
After compromising a legitimate domain, an attacker impersonates UPS and asks the recipient to verify shipping information via a phishing link.
After compromising the email account of a Vanguard Cleaning Systems employee, an attacker creates a legitimate-looking PDF with a masked phishing link to steal credentials.
After compromising a domain, an attacker creates a fake Microsoft SharePoint attachment viewer in an attempt to steal money and sensitive information.
An attacker creates a domain visually similar to Salesforce[.]com, engages the target, and then forwards the thread to another colleague, heightening the chances of a successful scam.
After compromising a construction company, an attacker circumvents typical security protocols and creates a look-alike domain in a fake billing scam.
An attacker impersonates an accountant using a free webmail account to request payment of a $114,000 invoice.
An attacker uses generative AI to attempt payment fraud by impersonating an Australian cosmetics brand.
An attacker impersonates the LinkedIn billing department and references the recent closure of SVB in this likely AI-generated attack.
An attacker gains access to a compromised account and attempts to redirect large invoices to a new offshore bank.
An attacker changes one letter of a domain to a similar-looking letter in an attempt to redirect a large invoice.
Using a lookalike domain, an attacker uses conversational language in a fake billing scam.
This attack uses a compromised vendor account and cc’s lookalike domains in an attempted wire transfer fraud.
By employing a look-alike domain name, an attacker attempts to redirect a large invoice totaling nearly $100k.
This attack features an impersonation of an attorney on behalf of a debt relief agency in an attempt to receive a $1,000 payment.
This fake billing scam posed as a receipt for an upgraded QuickBooks license to get the recipient to reach out via phone, where the attacker would likely coerce them into installing malware.
A fake billing scam impersonating PayPal posed as a payment receipt for an expensive bathroom mirror TV, a lure to get the recipient to reach out via phone, where the attacker would likely coerce them to download malware.
A fake invoice for a cryptocurrency purchase through PayPal is used to get email recipients to reach out via phone and likely download malware.
Increasingly popular, this phone fraud scam tricks recipients into believing that a payment has been made and encourages them to call a number to fix the problem.