Search the repository of unique attacks observed by the Abnormal Intelligence team.
Extortion Attack Claims to Have Installed Malware as a Pretext to Demand Bitcoin

This extortion attack, sent from a self-addressed spoofed email address, claimed to have installed a RAT on the recipient’s computer and demanded $950 in bitcoin in exchange for the attacker not releasing supposedly explicit videos of the recipient.

Gift Card BEC Attack Incorporates Christmas Gift Theme

This BEC attack impersonated an executive to ask the recipient to purchase prepaid cards for company employees as a holiday gift.

Third Party Reconnaissance Attack Targets Accounts Payable Team to Redirect Future Vendor Payments

This third party reconnaissance BEC attack impersonated a vendor’s accounting manager to request an update to the vendor’s bank account on file and redirect future payments to a fraudulent account.

Payroll Diversion BEC Attack Uses Foreign Character Substitution to Obfuscate Text

This BEC attack impersonated a team manager to attempt to divert the employee’s payroll direct deposit using an email that obfuscated its content using foreign character substitution.

Credential Phishing Attack Masquerades as an Employee Training Invoice

This payload-based credential phishing email employed bypass tactics, including a hidden sender address and obfuscated text, to pose as an invoice for employee training.

Credential Phishing Attack Poses as a Location-based Security Alert

This payload-based credential phishing attack sent from a self-addressed spoofed email address posed as a security alert, indicating the user’s data had been accessed from a suspicious location and an HTML attachment needed to be reviewed or else their account would be locked.

Payroll Diversion BEC Attack Mixes a Lithuanian Subject with Dutch Body Content

This BEC attack impersonated a company executive to request an update to their payroll deposit account using a combination of a Lithuanian subject and Dutch body content.

Fake Billing Scam Poses as a PayPal Receipt for an Expensive Mirror TV to Manipulate Phone Contact

A fake billing scam impersonating PayPal posed as a payment receipt for an expensive bathroom mirror TV that was used as a lure to get a recipient to reach out via phone and likely coerce them to download malware.

Acquisition-Themed BEC Attack Attempts to Pivot to a Phone Conversation

This BEC attack impersonated an executive using a spoofed email address to request an employee’s assistance with the acquisition of a foreign company, asking for the employee’s phone number to pivot to a voice conversation.

Employee Sales Award-themed Credential Phishing Attack Impersonates Square

This link-based phishing attack impersonating Square used a pretext of an employee sales award to compromise account credentials.

BEC Attack Impersonates COO to Request Payment for Supposed Legal Fees

This BEC attack impersonated a company COO using a maliciously-registered domain and spoofed display name to request a fraudulent wire transfer to pay for supposed legal fees.

Payload Credential Phishing Attack Incorporates a Tax Refund Theme

This payload-based attack was sent to a company executive using a tax refund theme as a pretext to get them to open an HTML file attached to a blank email, which led to a company-branded credential phishing page.

German-Language BEC Attack Requests Payment for Invoice via a Fake Email Chain

This German-language BEC attack impersonated a company executive to request payment for an outstanding invoice referenced in a fake email chain.

Executive Targeted in Attack Posing as Fake Financial Documents Distributed via SharePoint

This payload-based credential phishing attack targeted an executive with an email posing as financial documents shared via SharePoint and used foreign character substitution to bypass detection.

Vendor Email Compromise Attack Uses Hijacked Email Thread to Attempt to Redirect Invoice Payments

This BEC attack impersonated a vendor accounting specialist to try and redirect several invoice payments by incorporating contents from a hijacked email thread from a previously compromised account and sending the email from a lookalike domain.

Pay Stub Request Transitions to a Payroll Diversion BEC Attack

This BEC attack impersonating a company executive started with a request for the employee’s recent pay stubs, then pivoted into a request to update their direct deposit account.

Executive Targeted in a Self-Addressed Escrow-Themed Credential Phishing Attack

This payload-based credential phishing attack sent from a self-addressed spoofed email account targeted an executive posing as a real estate document.

CFO Email Address Spoofed to Request List of Outstanding Payments and Customer Contact Information

This BEC attack impersonated a company CFO using a spoofed email address and a free webmail reply-to account to request a spreadsheet of all outstanding payments and customer contact information in order to conduct future payment fraud.

Thanksgiving-Themed BEC Attack Spoofs Compromised Personal Account to Request Gift Cards

This BEC attack spoofs an external compromised account using a Thanksgiving-themed subject to request the purchase of an Amazon gift card for a supposedly sick family member.

DocuSign Phishing Email Uses Fake Payroll and Retirement Worksheet to Steal Credentials

This payload-based credential phishing attack impersonated DocuSign and requested that recipients review employee payroll and retirement documents contained in an attached HTML file.


Attack Type

Impersonated Party

Impersonated Brand

Attack Goal

Attack Vector

Attack Tactic

Attack Theme

Attack Language