Using a real domain from the company as a mask, an attacker informs the recipient of blocked emails and provides links to help resolve the issue.
An attacker leverages a legitimate-looking domain as a mask to send a likely malware-infected document purportedly about benefits information.
Hiding the actual sending domain behind a display name of "Coinbase," an attacker spoofs Coinbase's customer support to steal sensitive information.
By leveraging a domain similar to official Robinhood communications, an attacker attempts to steal sensitive information by creating a sense of urgency.
An attacker creates a fake Microsoft-branded QR code and landing page to compel the recipient to enter sensitive information.
An attacker gains control of a domain before attempting a payload-based attack using the file-sharing tool Smash.
An attacker gains control of a vacation resort’s customer service email address and attempts to steal sensitive information after informing the recipient of a refund.
An attacker cleverly designs a fake landing page that mimics Apple’s legitimate website to entice the recipient to input sensitive information.
After compromising a construction company, an attacker circumvents typical security protocols and creates a look-alike domain in a fake billing scam.
An attacker utilizes an unregistered look-alike domain as a mask to impersonate TSB Bank and steal sensitive information.
An attacker takes control of a legitimate domain to impersonate Netflix customer support in a credential theft attempt.
An attacker breaks into an 21-year-old email account and links to a malicious IPFS gateway to steal sensitive information.
An attacker uses social engineering techniques to build trust with a recipient before likely stealing sensitive information and money.
An attacker impersonates an accountant using a free webmail account to request payment of a $114,000 invoice.
After gaining access to a legitimate account, an attacker attempts payment fraud by requesting ACH transfers instead of payments via check.
Using friendly language and a hidden malicious link, an attacker impersonates Amazon to steal sensitive information.
An attacker likely uses generative AI to create a fake automated USPS message about incorrect address information, including links to a fake USPS landing page.
An attacker offers business financing options and promises commission for all successful referrals using a spoofed address.
An attacker uses generative AI to attempt payment fraud by impersonating an Australian cosmetics brand.
An attacker utilizes a close resemblance freight company DAT One's domain in a credential theft attempt.