Search the repository of unique attacks observed by the Abnormal Intelligence team.

HR Impersonator Spoofs Healthcare Advisory Company to Attempt Credential Theft

Using a “two-bridge[.]com” domain as a mask, an attacker sends a credential phishing email disguised as an HR department update regarding approval of a new company handbook.

UPS Impersonator Uses Compromised Account in Credential Phishing Attempt

After compromising a legitimate domain, an attacker impersonates UPS and asks the recipient to verify shipping information via a phishing link.

Attacker Uses Adobe Acrobat’s File Sharing System in Cleverly Designed Credential Theft Attempt

After compromising the email account of a Vanguard Cleaning Systems employee, an attacker creates a legitimate-looking PDF with a masked phishing link to steal credentials.

MetaMask Impersonator Disguises Credential Phishing Attack as Know Your Customer (KYC) Verification

Using a legitimate Turkish domain, an attacker attempts credential theft by applying social engineering to convince a target their cryptocurrency wallet is at risk of suspension.

Likely AI-Generated Financial Services Scam Features Social Engineering Techniques for Future Credential Theft

An attacker attempts to develop trust with a recipient and set the stage for future credential theft by referencing past interactions and updates on an $800,000 investment.

Likely AI-Generated Microsoft Impersonator Sends Fake Attachment in Malware Attack

Using a legitimate domain as a mask, an attacker attempts to infect a recipient’s computer with malware via an HTML attachment.

Amazon Customer Service Impersonator Uses Masked Phishing Link in Credential Phishing Attack

An attacker pretends to be from Amazon customer service and informs the recipient that their account is locked because of suspicious account activity.

Chatham Financial Impersonator Utilizes Masked Phishing Link in Fake Billing Scam

After compromising a domain, an attacker creates a fake Microsoft SharePoint attachment viewer in an attempt to steal money and sensitive information.

Sophisticated Credential Theft Attempt Features a Compromised Domain and Fake Landing Page

After compromising a legitimate domain, an attacker creates a fake landing page and impersonates an internal IT admin to attempt credential theft.

Multi-Layered Credential Phishing Attempt Features a Compromised Domain and a Masked Phishing Link

After compromising a Titan Worldwide domain, an attacker pastes previous conversations and a masked phishing link into an email in an attempt to steal sensitive information.

Likely AI-Generated Credential Phishing Attack Features Impersonation of Medicare Australia

An attacker pretends to be from Medicare Australia and informs the recipient that their Medicare services have been suspended due to insufficient contact information.

Salesforce Impersonator Utilizes Look-Alike Domain in Fake Billing Scam

An attacker creates a domain visually similar to Salesforce[.]com, engages the target, and then forwards the thread to another colleague, heightening the chances of a successful scam.

National Health Service Spoofer Compromises Domain and Sends Masked Phishing Link in PNG Attachment

An attacker uses a legitimate NHS domain and Microsoft SharePoint to trick a recipient into clicking on a masked phishing link and exposing sensitive information.

Bank of America Impersonator Utilizes Google Drive to Send Masked Phishing Link Embedded in PDF Attachment

By creating a sense of urgency around unauthorized account access and using a sending domain that includes "Bank of America," the attacker aims to compel the recipient to take action.

Attacker Utilizes DocuSign to Send Masked Phishing Link Embedded in a PNG Attachment

By using a legitimate document-sending service, the attacker is counting on the recipient to engage with the attachment and expose sensitive information.

U.S. Department of Agriculture Impersonator Attempts Credential Theft Via QR Code in PDF Attachment

An attacker attempts credential theft by spoofing the USDA with an official-sounding message and a PDF attachment containing a QR code that leads to a phishing site.

Spotify Spoofer Attempts Credential Theft with Fake Login Page

An attacker pretends to be from Spotify’s customer support, inquiring about updating payment details, and creates a legitimate-looking fake Spotify login page where sensitive information can be stolen.

Clever Credential Phishing Attempt Features Fake Microsoft Office 365 Password Change Link

An attacker embeds a malicious link into an image file that looks like a Microsoft Office 365 password change alert and includes official-sounding written disclosures to increase credibility.

Attacker Utilizes Fake Voicemail Attachment in Malware Delivery

Harnessing a legitimate-looking domain as a mask, an attacker attempts to infect a recipient's computer with malware by pretending to send a voicemail attachment.

Credential Phisher Impersonates Internal Company Admin to Steal Sensitive Information

Using a real domain from the company as a mask, an attacker informs the recipient of blocked emails and provides links to help resolve the issue.
