Search the repository of unique attacks observed by the Abnormal Intelligence team.
Likely AI-Generated Credential Phishing Attack Features Impersonation of Medicare Australia

An attacker pretends to be from Medicare Australia and informs the recipient that their Medicare services have been suspended due to insufficient contact information.

Salesforce Impersonator Utilizes Look-Alike Domain in Fake Billing Scam

An attacker creates a domain visually similar to Salesforce [.]com, engages the target, and then forwards the thread to another colleague, heightening the chances of a successful scam.

National Health Service Spoofer Compromises Domain and Sends Masked Phishing Link in PNG Attachment

An attacker uses a legitimate NHS domain and Microsoft SharePoint to trick a recipient into clicking on a masked phishing link and exposing sensitive information.

Bank of America Impersonator Utilizes Google Drive to Send Masked Phishing Link Embedded in PDF Attachment

By creating a sense of urgency around unauthorized account access and using a sending domain that includes "Bank of America," the attacker aims to compel the recipient to take action.

Attacker Utilizes DocuSign to Send Masked Phishing Link Embedded in a PNG Attachment

By using a legitimate document-sending service, the attacker is counting on the recipient to engage with the attachment and expose sensitive information.

U.S. Department of Agriculture Impersonator Attempts Credential Theft Via QR Code in PDF Attachment

An attacker attempts credential theft by spoofing the USDA with an official-sounding message and a PDF attachment containing a QR code that leads to a phishing site.

Spotify Spoofer Attempts Credential Theft with Fake Login Page

An attacker pretends to be from Spotify’s customer support, inquiring about updating payment details, and creates a legitimate-looking fake Spotify login page where sensitive information can be stolen.

Clever Credential Phishing Attempt Features Fake Microsoft Office 365 Password Change Link

An attacker embeds a malicious link into an image file that looks like a Microsoft Office 365 password change alert and includes official-sounding written disclosures to increase credibility.

Attacker Utilizes Fake Voicemail Attachment in Malware Delivery

Harnessing a legitimate-looking domain as a mask, an attacker attempts to infect a recipient's computer with malware by pretending to send a voicemail attachment.

Credential Phisher Impersonates Internal Company Admin to Steal Sensitive Information

Using a real domain from the company as a mask, an attacker informs the recipient of blocked emails and provides links to help resolve the issue.

Insurance Company Impersonator Provides Fake Benefits Document in Likely AI-Generated Attempted Malware Delivery

An attacker leverages a legitimate-looking domain as a mask to send a likely malware-infected document purportedly about benefits information.

Coinbase Impersonator Attempts Credential Theft by Claiming Account Restriction

Hiding the actual sending domain behind a display name of "Coinbase," an attacker spoofs Coinbase's customer support to steal sensitive information.

Robinhood Impersonator Attempts Credential Theft With Fake Withdrawal Notification

By leveraging a domain similar to official Robinhood communications, an attacker attempts to steal sensitive information by creating a sense of urgency.

Sophisticated Attacker Impersonates a Company Admin and Utilizes Microsoft-Branded QR Code in Attempted Credential Phishing

An attacker creates a fake Microsoft-branded QR code and landing page to compel the recipient to enter sensitive information.

Multi-Layered Malware Attack Utilizes File-Sharing Tool Smash To Send Malicious PDF

An attacker gains control of a domain before attempting a payload-based attack using the file-sharing tool Smash.

Vacation Planner Impersonator Attempts Credential Phishing with Compromised Account

An attacker gains control of a vacation resort’s customer service email address and attempts to steal sensitive information after informing the recipient of a refund.

Apple Impersonator Creates Fake Landing Page in Credential Phishing Attempt

An attacker cleverly designs a fake landing page that mimics Apple’s legitimate website to entice the recipient to input sensitive information.

Multi-Layer Payment Fraud Attack Attempts Redirect of $13.5 Million Invoice

After compromising a construction company, an attacker circumvents typical security protocols and creates a look-alike domain in a fake billing scam.

TSB Bank Impersonator Uses Look-alike Domain in Likely AI-Generated Credential Phishing Attack

An attacker utilizes an unregistered look-alike domain as a mask to impersonate TSB Bank and steal sensitive information.

Netflix Impersonator Likely Utilizes Generative AI in Credential Phishing Attack

An attacker takes control of a legitimate domain to impersonate Netflix customer support in a credential theft attempt.


Attack Type

Impersonated Party

Impersonated Brand

Attack Goal

Attack Vector

Attack Tactic

Attack Theme

Attack Language