Attack Library
Likely AI-Generated Vishing Attack Leverages Impersonation of Peacock and Fake Subscription Confirmation
A threat actor claims the target has signed up for the streaming service and includes a fabricated invoice to compel them to contact a fake customer support line.
Phisher Impersonates SiriusXM and Sends Fake Cancellation Notice to Harvest Credit Card Details
By posing as SiriusXM and offering a free 90-day subscription extension, an attacker hopes to convince the target to provide their credit card information.
Attacker Impersonates American Express to Trick Targets into Downloading Malware in Password Reset Scam
A threat actor exploits the trust of a known brand and manufactures urgency to deceive recipients into downloading malware under the guise of restoring account access.
Threat Actor Masquerades as Amazon Web Services Offering $300 Credit in Phishing Attack
An attacker attempts to steal sensitive information by impersonating AWS and encouraging the target to click a phishing link disguised as an application for an account credit.
UPS Impersonator Convincingly Incorporates Branding in Credential Theft Attempt
An attacker uses a fake failed delivery notification and invitation to sign up for UPS My Choice to compel a target to divulge sensitive information.
Likely AI-Generated Phishing Attack Spoofs Craigslist to Steal Payment Information
A cybercriminal impersonates Craigslist and sends a likely AI-generated email regarding a payment failure to convince the target to provide payment details.
Likely AI-Generated Phishing Attack Uses Compromised Email Account to Impersonate Australia and New Zealand Banking Group
Attackers use an AI-generated email to exploit the trust of a known brand and direct recipients to a phishing site under the guise of enhancing account security.
Phishing Attack Impersonates PT Federal International Finance to Steal Bitcoin Wallet Credentials
Attackers attempt to deceive the recipient with a fake Bitcoin funding notification, leading to credential theft via a fraudulent website.
Threat Actor Impersonates IRS and Manufactures Urgency in Likely AI-Generated Phishing Attack
An attacker poses as the IRS and claims there's an issue with the target's tax return to deceive them into revealing private information.
Threat Actor Hijacks Conversation Using Look-alike Domain in Attempt to Divert $17M Wire Transfer
Posing as a vendor, an attacker inserts themselves into an existing email thread and tries to redirect the payment for a multi-million dollar invoice.
Attacker Attempts to Stealthily Divert $1.4M AUD Using Look-alike Domain and Email Hijacking
By exploiting existing email conversations and using a look-alike domain, a threat actor attempts to compel a target to transfer funds to an account controlled by the attacker.
Meta Impersonator Exploits Legitimate Domain in Fake Account Deletion Notification to Steal Credentials
In this likely AI-generated attack, a threat actor poses as a Meta representative and uses a link hosted on a legitimate domain as the first step in a phishing attempt.
Threat Actor Convincingly Impersonates FedEx in Likely AI-Generated Credential Phishing Attack
An attacker incorporates FedEx branding into a fake notification of a pending package to trick a target into providing sensitive information.
Attacker Impersonates HR and Sends Bogus Employee Assessment Notification in Phishing Attempt
Using a spoofed email address, a threat actor poses as the target company's HR team and manufactures a sense of urgency to manipulate the recipient into visiting a phishing page.
Threat Actor Compromises Faculty Email to Phish University VIP in Likely AI-Generated Attack
After compromising a legitimate email account, an attacker attempts credential theft by inviting a target to apply for an employee benefits program.
Wells Fargo Impersonator Manufactures Urgency to Prompt Quick Action in Vishing Attempt
An attacker poses as the Wells Fargo fraud department and exploits the target's fear of losing access to their bank account to compel them to call a vishing number.
Threat Actor Uses Compromised Email to Target Internal Employees in Credential Phishing Attempt
After compromising an email address, an attacker sends a fake document notification to fellow employees linked to a fake Microsoft login page hosted by Webflow designed to steal credentials.
School District Administrative Assistant Impersonator Compromises Email to Attempt Credential Theft
After compromising a vendor’s email address, an attacker crafts a fake document notification linked to a fake Microsoft login page hosted by Webflow designed to steal credentials.
Multi-Step Credential Phishing and Malware Attack Utilizes Canva and Fake Microsoft Login Page
After compromising a legitimate email account, an attacker uses Canva to host a malicious redirect link before impersonating Microsoft to gain access to a target’s environment and install Malware.
Attacker Compromises Attorney’s Account and Creates Spoofed SharePoint Landing Page in Credential Theft Attempt
Using the compromised account of a real attorney, an attacker emails the target regarding outstanding invoices with a link to a fake SharePoint landing page.