This attack is an investment opportunity scam in which the attacker offers business financing and an opportunity to "grow to new heights." In a conversational style, the attacker describes the financial services on offer and asks the recipient to spread the word to others, promising a commission for every successful referral. The attacker spoofs "fannie@flippinglive.com" to mask their identity, while any reply from the recipient is routed to "dannysahin69@gmail.com." This likely AI-generated attack preys on human trust rather than technical lures: it has none of the obvious hallmarks of a typical scam, with no malicious links or attachments and no obvious spelling or grammatical errors.

Legacy email security tools struggle to flag this email as an attack because of the spoofed sender address, the absence of malicious links or attachments, and the sophisticated social engineering. AI-powered security solutions analyze the mismatched reply-to address, the content of the email, and the unknown sender domain to correctly identify it as an attack.

How Does This Attack Bypass Email Defenses?

This email attack bypasses traditional security solutions for multiple reasons, including the following:

  • Spoofed Email Address: The email appears to come from a legitimate address (fannie@flippinglive.com), which can bypass security checks that evaluate only the visible sender address.
  • No Malicious Links or Attachments: The email contains no malicious links or attachments, which are often the focus of traditional security tools. Without these elements, such checks have nothing to trigger on.
  • Social Engineering: The email relies on social engineering to persuade the recipient to reply, which routes the response to the attacker's reply-to address. Traditional security tools may not detect such subtle manipulation tactics.

How Did Abnormal Detect This Attack?

This attack was detected using AI and ML by analyzing various factors, including the following:

  • Mismatched Reply-To Address: The reply-to address differs from the sender's address. This is a common tactic in phishing attacks and is detectable by Abnormal's AI.
  • Unknown Sender Domain: Abnormal's AI can detect that the email came from a domain the company has never received messages from before. This is a strong signal that the message may be suspicious.
  • Content Analysis: The email content, which offers a too-good-to-be-true investment opportunity, follows a pattern common in scam emails. Abnormal's AI can analyze email content for such suspicious patterns.
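
The three detection factors above, implemented as a small standalone check over raw messages. This is an added example, not Abnormal's code or a description of its proprietary system; the sample messages, the known-domain baseline, and the lure-phrase list are constructed for illustration.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed sample modelled on the page's description (not the real message):
# the visible From is at flippinglive.com while replies route to gmail.com.
SAMPLE_SCAM = """\
From: Fannie <fannie@flippinglive.com>
Reply-To: dannysahin69@gmail.com
To: recipient@example.com
Subject: Business financing to help you grow to new heights

Hi, we provide business financing; spread the word and earn a commission for each referral.
"""

# Constructed benign message from a domain the organisation already knows.
SAMPLE_BENIGN = """\
From: Accounts <accounts@partner.example>
To: recipient@example.com
Subject: Invoice 1042

Attached invoice for last month. Thanks.
"""

# Domains this tenant has exchanged mail with before (constructed baseline).
KNOWN_SENDER_DOMAINS = {"example.com", "partner.example"}
# Phrases typical of investment/referral lures; two or more trips the indicator.
LURE_PHRASES = ("financing", "commission", "referral", "grow to new heights", "investment")


def domain_of(header_value):
    """Lower-cased domain of the first address in a header value ('' if none)."""
    _, addr = parseaddr(str(header_value or ""))
    return addr.rpartition("@")[2].lower()


def analyze(raw, known_domains=KNOWN_SENDER_DOMAINS):
    """Return the list of abnormal indicators found in a raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    from_domain = domain_of(msg["From"])
    # An absent Reply-To means replies go back to From, so treat it as matching.
    reply_domain = domain_of(msg["Reply-To"]) if msg["Reply-To"] else from_domain
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content().lower() if body_part else ""
    indicators = []
    if reply_domain != from_domain:
        indicators.append("mismatched_reply_to")
    if from_domain not in known_domains:
        indicators.append("unknown_sender_domain")
    if sum(phrase in body for phrase in LURE_PHRASES) >= 2:
        indicators.append("investment_lure")
    return indicators
```

In a real deployment the known-domain set would be derived from the organisation's historical mail flow rather than a fixed list, and the content check would be a trained classifier rather than a phrase list.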

By learning established normal behavior and detecting these abnormal indicators, a modern email security solution can prevent this attack from reaching inboxes.

Please note the exact detection mechanism from Abnormal Security's system might include proprietary techniques and methodologies not disclosed here.

Analysis Overview

Vector: Text-based
Goal: Credential Theft
Tactic: Spoofed Email Address
Theme: Financial Services
Impersonated Party: External Party - Other
AI Generated: Likely
