Attack Library
Pay Stub Request Transitions to a Payroll Diversion BEC Attack
This BEC attack impersonating a company executive started with a request for the employee’s recent pay stubs, then pivoted into a request to update their direct deposit account.
Executive Targeted in a Self-Addressed Escrow-Themed Credential Phishing Attack
This payload-based credential phishing attack sent from a self-addressed spoofed email account targeted an executive posing as a real estate document.
CFO Email Address Spoofed to Request List of Outstanding Payments and Customer Contact Information
This BEC attack impersonated a company CFO using a spoofed email address and a free webmail reply-to account to request a spreadsheet of all outstanding payments and customer contact information in order to conduct future payment fraud.
Thanksgiving-Themed BEC Attack Spoofs Compromised Personal Account to Request Gift Cards
This BEC attack spoofs an external compromised account using a Thanksgiving-themed subject to request the purchase of an Amazon gift card for a supposedly sick family member.
DocuSign Phishing Email Uses Fake Payroll and Retirement Worksheet to Steal Credentials
This payload-based credential phishing attack impersonated DocuSign and requested that recipients review employee payroll and retirement documents contained in an attached HTML file.
Gift Card BEC Attack Impersonates COO to Encourage Employee Performance
This BEC attack impersonated a company COO using a free webmail account registered using the COO’s name to request an employee purchase gift cards to reward employee performance.
Executive Impersonated in Request to Pay Fake New Contractor
This BEC attack impersonated a company executive using a free Estonian email account to request that a payment be sent to a new independent contractor.
Credential Phishing Attack Poses as Executive’s Bonus Document
This payload-based credential phishing attack targeted an executive posing as an attached document needing review before receiving a company bonus.
Vendor Accountant Impersonated to Divert Outstanding Payment Due to COVID-19/Monkeypox Outbreak
This attack impersonates an accountant at a third-party supplier to request an outstanding payment to an alternate account due to a supposed outbreak of COVID-19 and monkeypox.
German-Language Message From “CEO” Attempts to Coerce Fraudulent Payment from CFO
This German-language attack targets a CFO impersonating the company CEO to request internal bank account details and a large outgoing payment.
Microsoft Password Expiration Pretext Used in Credential Phishing Attack
This phishing attack impersonates Microsoft using a password expiration theme to steal credentials via a malicious link.
CEO Impersonated in BEC Attack Requesting List of Pending Legal Settlements
This attack impersonates a company CEO to request a file containing a list of legal settlements that are pending payments.
Swedish Language Attack Requests Payment for an Overdue Invoice via a Fake Email Chain
This Swedish-language BEC attack impersonates a company executive to request payment for an outstanding invoice referenced in a fake email chain.
Australian Tax Office Impersonated in Funds Transfer-themed Phishing Attack
This attack impersonates the Australian Taxation Office with a payment transfer theme and asks the recipient to validate their identity by leading them to a phishing page contained within an HTML attachment.
Wells Fargo Home Mortgage Payoff Quote Contains Credential Phishing Attachment
This attack impersonates Wells Fargo using a spoofed email address and a home mortgage payoff theme to steal credentials via an HTML attachment.
Blank Self-Addressed Spoofed Email Leads to Convincing Credential Phish
A spoofed email impersonates a settlement release in order to trick recipients into opening a phishing attachment.
BEC Gift Card Attack Leverages Foreign Character Substitution to Bypass Defenses
An attacker uses foreign character insertion in the email subject to send a request to connect via phone, likely for the purpose of purchasing gift cards.
Hijacked Email Thread Used to Send Executive Link to Password-Protected Malware
An old email thread is hijacked and used to send a link to likely malware payload.
Fake PayPal Cryptocurrency Payment Receipt Coerces Victims to Make Contact Via Phone
Fake invoice for a cryptocurrency purchase through PayPal is used to get email recipients to reach out via phone and likely download malware.
Impersonation Bypasses Security Controls with a Lookalike Email Address
An attacker posing as a vendor attempts to solicit overdue payments by using a lookalike email address.