Search the repository of unique attacks observed by the Abnormal Intelligence team.
Attacker Impersonates Instagram and Uses Fake Verified Badge Notification to Steal Credentials

Cybercriminals mimic Instagram and Meta branding in a malicious email and spoofed login portal in this phishing attack.

Threat Actors Exploit Docusign to Share Link to Spoofed Microsoft Login and Steal Credentials

An attacker uses Docusign to share a document containing a malicious link hidden behind a Cloudflare Turnstile.

Attackers Weaponize Zoom Docs to Phish Targets Using Fake Microsoft Portal

A threat actor exploits Zoom Docs to deliver a file with a malicious link that utilizes a Cloudflare Turnstile before redirecting to a phishing page.

Attackers Pose as Social Security Administration and Use Fake Benefits Update to Deploy Malware

Cybercriminals exploit trust in government communications to trick recipients into downloading a malicious file.

Fake Quickbooks Suspension Email Aims to Steal Account Information in Likely AI-Generated Phishing Attack

Using a spoofed email, threat actors impersonate Quickbooks and attempt to manipulate targets into revealing sensitive information.

Virgin Media Impersonator Sends Fake Security Update to Steal Login Credentials

Threat actors exploit an iCloud address to attempt credential theft via a malicious login portal featuring mimicked branding.

Phishing Attack Impersonates MetaMask with Fake KYC Verification Request

Cybercriminals exploit urgency and KYC compliance to trick recipients into revealing sensitive cryptocurrency wallet information.

Threat Actor Poses as Newrez and Uses Spoofed Email to Send Fake Loan Payoff Request in Phishing Attack

Cybercriminals impersonate a mortgage lender and use a fake notification of a new message to trick recipients into disclosing sensitive information.

Phishing Attack Mimics Capital One Password Reset Notification to Steal Login Credentials

Cybercriminals exploit the fear of an unauthorized password reset to deceive recipients into revealing sensitive information.

TD Bank Impersonator Uses Fake Contact Information Verification Request in Phishing Attack

Cybercriminals use a spoofed email and impersonated branding to pose as TD Bank and attempt to trick recipients into revealing sensitive information.

Phishing Attack Uses Compromised Account to Send Text-Free Email with Link to PDF Hosted on SharePoint

Threat actor sends fraudulent notification of online fax containing purchase order for review to compel target to view PDF containing phishing link.

Cybercriminals Impersonate Santander Bank with Fake Identity Verification in Credential Theft Attempt

A threat actor sends a fraudulent unauthorized transaction alert to trick targets into providing sensitive information.

Phishing Attack Disguised as Timesheet Update from HR Attempts to Steal Personal Data

Threat actors impersonate the target’s internal HR department to deceive recipients into revealing confidential information.

Threat Actors Use Fake Bank of America Security Alert to Attempt Credential Theft

Cybercriminals use bogus security notifications to exploit fear of account issues and harvest sensitive information.

Attackers Use Look-alike Domain to Impersonate Real LinkedIn Employee in Invoice Fraud Attack

Cybercriminals manufacture a sense of urgency by using a fraudulent invoice to deceive recipients into transferring funds to an account owned by the attacker.

Attacker Impersonates Internal University IT Department to Send Malware Using Fake Voice Message Notification

Cybercriminals send a malicious HTM attachment disguised as a voice message recording to deploy malware on recipients’ devices.

monday.com Impersonator Sends Fake HR Update in Likely-AI Generated Phishing Attack

Cybercriminals use a fraudulent employee code of conduct update to manipulate recipients into revealing private details.

Threat Actors Impersonate Squarespace with Fake Account Suspension Notification Designed to Steal Sensitive Information

Cybercriminals use a fraudulent email about a payment failure impacting domain renewal to steal sensitive information from unsuspecting recipients.

DHL Impersonator Leverages Spoofed Email and Mimicked Branding in Credential Theft Attempt

Cybercriminals use a fraudulent delivery interruption notice to trick recipients into visiting a malicious website and disclosing private details.

Phishing Attack Impersonates Apple with Fake "Apple ID Locked" Notification to Steal Sensitive Information

Threat actors use the fear of losing access to a critical account to trick recipients into revealing personal details.

Filters

Attack Type

Impersonated Party

Impersonated Brand

Attack Goal

Attack Vector

Attack Tactic

Attack Theme

Attack Language

AI-Generated