Search the repository of unique attacks observed by the Abnormal Intelligence team.
DocuSign Impersonator Sends Bogus Tax-Related Email to Lure Target to Credential Phishing Website

By posing as a trusted brand and manufacturing a sense of urgency, an attacker hopes to deceive a target into providing sensitive information.

Threat Actor Convincingly Impersonates Employee Requesting Direct Deposit Update in Likely AI-Generated Attack

The attacker uses a Gmail account to send an email free of grammatical errors and with no malicious payloads to attempt payroll diversion.

Attacker Leverages Stealthy Lookalike Domain in Cunning $36 Million Invoice Fraud Attempt

Using a lookalike domain with a .cam suffix instead of .com, an attacker attempts to redirect a massive loan payment to a fraudulent LLC.

Attacker Compromises Vendor Account and Uses Confluence Page to Attempt Credential Theft

A threat actor masks a phishing link to a fake Microsoft login page in a Confluence notification sent from a compromised vendor account.

Threat Actor Poses as Vendor and Sends Fake QuickBooks Notification to Attempt Credential Theft

A threat actor fabricates a QuickBooks notification and sends a target a phishing link, purportedly to a password-protected overdue invoice.

Attacker Impersonates Lawyer and Attempts Payment Fraud Using Compromised Email Account

After compromising a lawyer’s Gmail account, an attacker builds rapport with the target by asking for help with paying a client before pivoting to a request for a larger transfer.

Threat Actor Compromises Account of Construction Project Manager and Uses Content-Sharing Platform to Send Fake RFP

An attacker attempts to trick a target into revealing sensitive information by using a compromised email account and a legitimate content-sharing platform.

Attacker Impersonates Company Admin in Clever Credential Phishing Attempt 

A threat actor uses a fake message delivery failure notification and fabricated authentication processes to try to convince a target to reveal sensitive information.

Credential Phisher Uses Legitimate Email Marketing Platform to Send Fake Voicemail Alert

After compromising a Constant Contact account, the attacker impersonates a law firm and sends a fake voicemail notification to attempt credential theft.

Threat Actor Poses as Microsoft and Leverages Open Redirect in Clever Credential Phishing Attack

After registering a legitimate Microsoft-based email account, an attacker sends a fake Microsoft voicemail notification to deceive a target into entering sensitive information.

Attacker Uses Compromised Email to Send Fake Microsoft OneDrive Notification in Credential Phishing Attack

A threat actor exploits the reputation of an established domain to send an email with an embedded image of a fabricated file-sharing notification linked to a phishing page.

Microsoft Impersonator Uses Malicious QR Code in Credential Phishing Attack

An attacker emails a fake password expiration notification with a malicious QR code linked to a phishing site.

PayPal Impersonator Uses Bogus Claim of Pending Refund in Fake Billing Scam

An attacker creates an email designed to imitate communications from PayPal and attempts to coerce a target into sending money as part of a refund scheme.

Malware Attack Features Impersonation of Attorney and Malicious Attachment Disguised as Subpoena

An attacker impersonates a real lawyer and sends a malware-infected HTML attachment which the threat actor claims is a subpoena needing review.

PayPal Impersonator Uses Spoofed Email Hosted on Legitimate Domain to Attempt Credential Theft

An attacker mimics PayPal branding and uses an Outlook address with a spoofed sender name to compel a target to click a malicious link.

Vendor Impersonation Attack Utilizes Salesforce Link in Attempt to Steal Sensitive Information

After compromising a vendor’s domain, an attacker attempts to compel a target to click a phishing link disguised as a shared document.

Attacker Compromises Personal Webmail Account to Establish Trust Before Attempting a Scam

By disguising themselves behind a compromised personal webmail account, a threat actor hopes to first build a rapport with a target before executing the next stage of the attack.

Microsoft Impersonator Spoofs Voicemail Service and Uses QR Code in Attempted Credential Theft

By crafting an email that resembles a voicemail notification from Microsoft, an attacker hopes the target will scan a malicious QR code that leads to a credential phishing website.

Attacker Utilizes Calendar Attachment and Fake Cryptocurrency Payment to Spread Malware

An attacker sends a fake confirmation of Bitcoin payment to trick the recipient into downloading a malicious ICS file.

Threat Actor Impersonates Executive and Uses Fabricated Email Thread to Attempt Payment Fraud

An attacker creates a fake conversation between a vendor and an executive to make it appear that the executive is authorizing an ACH payment for an outstanding invoice.


Attack Type

Impersonated Party

Impersonated Brand

Attack Goal

Attack Vector

Attack Tactic

Attack Theme

Attack Language