Search the repository of unique attacks observed by the Abnormal Intelligence team.
Threat Actor Uses Compromised Email to Target Internal Employees in Credential Phishing Attempt

After compromising an email address, an attacker sends a fake document notification to fellow employees linked to a fake Microsoft login page hosted by Webflow designed to steal credentials.

School District Administrative Assistant Impersonator Compromises Email to Attempt Credential Theft

After compromising a vendor’s email address, an attacker crafts a fake document notification linked to a fake Microsoft login page hosted by Webflow designed to steal credentials.

Multi-Step Credential Phishing and Malware Attack Utilizes Canva and Fake Microsoft Login Page

After compromising a legitimate email account, an attacker uses Canva to host a malicious redirect link before impersonating Microsoft to gain access to a target’s environment and install Malware.

Attacker Compromises Attorney’s Account and Creates Spoofed SharePoint Landing Page in Credential Theft Attempt

Using the compromised account of a real attorney, an attacker emails the target regarding outstanding invoices with a link to a fake SharePoint landing page.

Microsoft OneDrive Impersonator Spoofs Outlook Email and Creates Fake Login Page in Credential Phishing Attempt

After spoofing one of Microsoft’s real no-reply emails, an attacker sends an identical imitation of a OneDrive notification regarding recently deleted files, urging the target to take action.

Attacker Impersonates Cryptocurrency Service in Likely AI-Generated, Multi-Step Credential Theft Attempt

An attacker impersonates payment solutions provider Wirex using a convincing account verification email and branded phishing page to steal login credentials.

Multi-Step Vishing Attempt Features Impersonation of PayPal and McAfee

After spoofing a PayPal customer service email, an attacker sends a fraudulent notification regarding a bogus McAfee charge to compel the target to call a fake support center and cancel the transaction.

Likely AI-Generated Coinbase Impersonator Creates Fake Landing Page in Multi-Step Credential Phishing Attack

By mimicking Coinbase’s branding in both the email and landing page, an attacker attempts to create a sense of urgency around suspicious account activity and prompt immediate action from the target.

Attacker Exploits Google Sites and Uses Compromised Vendor Account to Spoof Docusign in Phishing Attempt

Leveraging a compromised external vendor account, an attacker sends a fake Docusign notification linked to a Google Sites page containing a phishing link to steal sensitive information.

DocuSign Impersonator Sends Bogus Tax-Related Email to Lure Target to Credential Phishing Website

By posing as a trusted brand and manufacturing a sense of urgency, an attacker hopes to deceive a target into providing sensitive information.

Threat Actor Convincingly Impersonates Employee Requesting Direct Deposit Update in Likely AI-Generated Attack

The attacker uses a Gmail account to send an email free of grammatical errors and with no malicious payloads to attempt payroll diversion.

Attacker Leverages Stealthy Lookalike Domain in Cunning $36 Million Invoice Fraud Attempt

Using a lookalike domain with a .cam suffix instead of .com, an attacker attempts to redirect a massive loan payment to a fraudulent LLC.

Attacker Compromises Vendor Account and Uses Confluence Page to Attempt Credential Theft

A threat actor masks a phishing link to a fake Microsoft login page in a Confluence notification sent from a compromised vendor account.

Threat Actor Poses as Vendor and Sends Fake QuickBooks Notification to Attempt Credential Theft

A threat actor fabricates a QuickBooks notification and sends a target a phishing link, purportedly to a password-protected overdue invoice.

Attacker Impersonates Lawyer and Attempts Payment Fraud Using Compromised Email Account

After compromising a lawyer’s Gmail account, an attacker builds rapport with the target by asking for help with paying a client before pivoting to a request for a larger transfer.

Threat Actor Compromises Account of Construction Project Manager and Uses Content-Sharing Platform to Send Fake RFP

An attacker attempts to trick a target into revealing sensitive information by using a compromised email account and a legitimate content-sharing platform.

Attacker Impersonates Company Admin in Clever Credential Phishing Attempt 

A threat actor uses a fake message delivery failure notification and fabricated authentication processes to try to convince a target to reveal sensitive information.

Credential Phisher Uses Legitimate Email Marketing Platform to Send Fake Voicemail Alert

After compromising a Constant Contact account, the attacker impersonates a law firm and sends a fake voicemail notification to attempt credential theft.

Threat Actor Poses as Microsoft and Leverages Open Redirect in Clever Credential Phishing Attack

After registering a legitimate Microsoft-based email account, an attacker sends a fake Microsoft voicemail notification to deceive a target into entering sensitive information.

Attacker Uses Compromised Email to Send Fake Microsoft OneDrive Notification in Credential Phishing Attack

A threat actor exploits the reputation of an established domain to send an email with an embedded image of a fabricated file-sharing notification linked to a phishing page.


Attack Type

Impersonated Party

Impersonated Brand

Attack Goal

Attack Vector

Attack Tactic

Attack Theme

Attack Language