Using official-sounding language, university branding, and a believable premise, an attacker attempts to steal sensitive information.
Using a compromised email address, the threat actor sends a purposefully vague payment confirmation with an embedded phishing link.
An attacker compromises an external account and embeds a phishing link in a Microsoft survey tool disguised as a document-sharing notification.
After compromising a known domain, the attacker creates a fake landing page that mimics OpenSea’s official website and leverages social engineering to create a sense of urgency and persuade the target to take action.
Using a real domain as a mask, an attacker sends an image attachment with a QR code to entice the target to follow the link to reauthenticate MFA on a fake landing page.
An attacker gets engagement from the target after discussing an RFQ and uses Microsoft survey forms to create a spoofed SharePoint link to appear legitimate.
In this credential phishing attack, the threat actor sends a fake invoice payment confirmation with a phishing link obscured using a URL shortener.
In this debt collection scam, the attacker sends a fraudulent final notice for a nonexistent debt and uses social engineering to create a sense of urgency.
A threat actor sends an account expiration notification with a link to a Google Slides presentation containing an embedded phishing link.
After compromising a pro-manchester email account, a threat actor uses Monograph to host a malicious link that sends the target to a fake Microsoft login page.
A threat actor spoofs a Japanese domain and impersonates Canada Post to prompt targets to click on a credential phishing link.
After compromising the account, an attacker creates a fake document purporting to be a faxed invoice that includes a masked phishing link.
By creating a sense of urgency around unauthorized account activity and using a display name that includes "Chase Bank," the attacker aims to compel the recipient to take action.
An attacker claims to be from PayPal investigating a fraudulent transaction and requests sensitive information from the target to complete a verification process.
An attacker attempts credential theft by impersonating Trust Wallet and sending a phishing link disguised as an account verification page.
An attacker informs the target about copyright infringement and provides a fake form and login page to steal login credentials.
An attacker attempts to create a sense of urgency and compel the target to call a fake customer service number by sending a bogus receipt for a recent iPhone purchase.
Using a “two-bridge[.]com” domain as a mask, an attacker sends a credential phishing email disguised as an HR department update regarding approval of a new company handbook.
After compromising a legitimate domain, an attacker impersonates UPS and asks the recipient to verify shipping information via a phishing link.
After compromising the email account of a Vanguard Cleaning Systems employee, an attacker creates a legitimate-looking PDF with a masked phishing link to steal credentials.