Search the repository of unique attacks observed by the Abnormal Intelligence team.
Attempted Payment Fraud Using Lookalike Domain and Real Invoices Targets Manufacturing Company

Attackers pose as existing vendors and use lookalike domain and real invoices in attempt to fraudulently update payment information.

Phishing Attack Disguised as Notification Informing VP Storage Capacity Limit Exceeded

Attackers disguise phishing email to VP at financial institution as notification that full storage capacity has been reached and emails will no longer be delivered.

Fake Email Account Deactivation Notice with Phishing Link Targeting Online Retailer

Attackers pose as the internal support team at an online retailer and claim the recipient's email account has been queued for deactivation in an attempt to steal credentials or install malware.

Attacker Impersonates Attorney and Sends Fake Dropbox File Transfer Notification to Deliver Malware

This malware attack impersonated a real attorney at a real firm using Dropbox to transfer a file purported to be a contract that is likely malicious.

Attack Uses Fake OneNote Attachment to Deliver Malware

This attack posted as a shared settlement document containing a malicious OneNote (.ONE) attachment to deliver malware.

Email Posing as Request for Tax Help Pivots from Response-based to Link-based Attack to Deliver Malware

This attack posed as a prospective client requesting assistance on tax returns that was used to deliver malware via a malicious link in a follow-up message.

TeamViewer Lookalike Site from Fake Bill Leads to Malware Download

This link-based attack hijacked an email thread from a compromised account to deliver a link leading to a fake TeamViewer page which attempts to download malware.

Hijacked Email Thread Used to Send Executive Link to Password-Protected Malware

An old email thread is hijacked and used to send a link to likely malware payload.

Accounts Payable Impersonated in Malware Delivery Attack

Attackers impersonate Accounts Payable to deliver a payroll remittance attachment that contains malware.

Hijacked Thread Used in Password Protected Malware Attack

This attack uses an ongoing email thread from a compromised vendor and password protected file to evade security solutions and deliver malware.

Generic Email Support Team Impersonated in Password Change Malware Attack

Attackers impersonate a generic support team as part of a multi-stage malware attack, first informing the recipient that their password needs reset and asking them to call for support.

Fake Payment Message Leads to Malware Infected ZIP File Download

Attackers trick recipients into opening a ZIP file containing malware by stating that the file contains payment information for a recent purchase.


Attack Type

Impersonated Party

Impersonated Brand

Attack Goal

Attack Vector

Attack Tactic

Attack Theme

Attack Language

See How Abnormal Stops Emerging Attacks

Get a Demo