This attack is a phishing attempt, featuring a brand impersonation from Kraken Exchange, a popular cryptocurrency platform. The likely AI-generated content of the email informs the recipient of a mandatory security update, directing them to a login page in the hopes of stealing their legitimate Kraken credentials. Preying on human instinct, the attacker also creates a fake Kraken login page that is accessible from the link in the email, indicating a sophisticated and multi-faceted attack. 

Older email security tools likely cannot detect this attack because of the older domain age, social engineering techniques, and lack of known malicious keywords that usually trigger traditional tools. Advanced, AI-powered email security solutions analyze the content of the email, the domain used, and the suspicious links present to identify this as an attack.

Status Bar Dots
Aug4 1
Status Bar Dots
Aug4 2

How Does This Attack Bypass Email Defenses?

This email attack bypasses traditional security solutions for multiple reasons, including the following:

  • Old Domain Age: The sender's domain age is 15 years old. Older domains are often considered more trustworthy by traditional security tools, as many malicious domains are newly registered.
  • Social Engineering: The email uses social engineering techniques to convince the recipient to click on the link and provide their account information. Traditional security tools may not be able to detect this kind of human-focused manipulation.
  • Lack of Known Malicious Keywords: The email does not contain any obvious malicious keywords that would trigger traditional security tools. The language used is professional and mimics that of a legitimate security update notification.

How Did Abnormal Detect This Attack?

This attack was detected using AI and ML by analyzing various factors, including the following:

  • Content Analysis: The email content is analyzed for signs of phishing or social engineering. In this case, the email uses social engineering techniques, such as urgency and fear, to persuade the recipient to click on the link and provide their account information. This is a common characteristic of phishing emails.
  • Suspicious Link: The email contains a link that leads to a website that is not associated with Kraken. This is a common tactic used in phishing emails to steal user credentials.
  • Domain Analysis: Despite the sender's old domain, which could trick traditional tools, Abnormal's models consider a wide range of factors. For example, it would note that the domain of the email sender doesn't match the domain of the company it's pretending to be.

By recognizing established normal behavior and detecting these abnormal indicators, a modern email security solution has the ability to prevent this attack from reaching inboxes.

Please note the exact detection mechanism from Abnormal Security's system might include proprietary techniques and methodologies not disclosed here.

Analysis Overview




Credential Theft


Branded Phishing Page


Security Update

Impersonated Party


Impersonated Brands


AI Generated


See How Abnormal Stops Emerging Attacks

See a Demo