Search the repository of unique attacks observed by the Abnormal Intelligence team.
Danish BEC Attack Impersonates CEO to Request Gift Cards

This Danish-language BEC attack impersonated a company CEO to request the purchase of iTunes gift cards.

BEC Attack Impersonates Vendor to Request Account Update Using Fake Bank Authorization Letter

This BEC attack impersonated a vendor using a lookalike domain and fake bank authorization letter to request an update to their payment account information.

Credential Phishing Attack Poses as a Secure Message Shared by the IRS

This link-based attack impersonated the IRS using the pretext of sharing a secure ShareFile message that led to a phishing site designed to steal email credentials.

Phishing Attack Impersonating FedEx Steal Personal and Financial Data Using Captcha Protection and MFA Bypass

This phishing attack impersonated FedEx using a fake shipping notification pretext to direct a recipient to a captcha-protected phishing page created to steal personal and financial information using MFA bypass tactics.

Fake Billing Scam Poses as a Receipt for a Quickbooks License Upgrade

This fake billing scam posed as a receipt for an upgraded Quickbooks license to get the recipient to reach out via phone and likely coerce them into installing malware.

Italian-Language Aging Report Theft BEC Attack Impersonates Company Executive

This Italian-language BEC attack impersonated a company executive to request a list of customers and their overdue balances.

Attack Uses Fake OneNote Attachment to Deliver Malware

This attack posted as a shared settlement document containing a malicious OneNote (.ONE) attachment to deliver malware.

Phishing Attack Uses Pretext of Shared Tax Documents to Steal Employee Credentials

This link-based attack incorporated a fake file attachment posing as shared tax documents that led to a phishing page meant to steal email credentials across multiple email providers.

Email Posing as Request for Tax Help Pivots from Response-based to Link-based Attack to Deliver Malware

This attack posed as a prospective client requesting assistance on tax returns that was used to deliver malware via a malicious link in a follow-up message.

BEC Attack Poses as a Factoring Company to Request Aging Report with Customer Payment Information

This BEC attack impersonated an external factoring company using a free webmail account with a customized impersonation username to request a copy of an updated aging report containing customer payment and contact information.

BEC Attack Targets Head of Human Resources to Request Copies of Employee W-2s

This BEC attack impersonated the company CEO using multiple free webmail accounts to request a copy of all employee W-2s.

Email Poses as an Incoming ACH Payment with HTML Attachment Leading to Branded Credential Phishing Page

This payload-based attack posed as a fake incoming ACH payment masked as an automated email from an internal company system, which contained an HTML attachment that led to a branded phishing page intended to steal the recipient’s credentials.

Hungarian BEC Attack Impersonates Executive to Request a Payment to a Fake UK Company

This Hungarian-language BEC attack impersonated a company executive using a freely-available Gmail account to request a payment to be sent to a fictitious company located in the United Kingdom.

Payload Credential Phishing Attack Poses as an HR Announcement About New Employee Benefits

This payload-based phishing attack posed as an announcement from the company human resources team about updates to the company’s employee benefits package and requested the recipient review a supposed updated handbook, which actually opened a phishing page to steal account credentials.

Phishing Attack Steals Credentials by Imitating HR Request to Review New Employee Handbook

This link-based attack imitated a company human resources email that announced the release of a new employee handbook, which included a link to a phishing page meant to steal an employee’s name and email credentials.

French-language BEC Attack Impersonates Executive Requesting Assistance in a Corporate Acquisition

This French-language BEC attack impersonated a company executive using a free webmail account created with a lookalike username to request assistance making a payment that was supposedly part of a corporate acquisition.

BEC Attack Impersonates a CEO Using a Combination of a Spoofed Email Address and Reply-to Address with a Mirrored Username

This BEC attack impersonated a company CEO using a combination of a spoofed email address and an account hosted on a malicious domain created with a username matching the CEO’s to request a fraudulent payment.

Extortion Attack Impersonates French Law Enforcement and Europol

This extortion attack impersonated French law enforcement and Europol to attempt to coerce a target into contacting a secondary email address using threats of arrest and media exposure.

BEC Attack Impersonates Distribution Supplier and Offers Discount as an Incentive for Quick Payment

This BEC attack impersonated an external distribution partner using a compromised account and encrypted email service to inquire about outstanding payments, update payment account information, and offer a discount as a quick payment incentive.

Italian-language BEC Attack Attempts to Divert Executive's Paycheck

This Italian-language BEC attack impersonated a company executive to request an update to their payroll account information that would divert future paychecks to a fraudulent account.


Attack Type

Impersonated Party

Impersonated Brand

Attack Goal

Attack Vector

Attack Tactic

Attack Theme

Attack Language