Attack Library
NDM Hospitality Impersonator Hijacks Email Thread in Convincing Credential Phishing Attack
An attacker compromises a vendor account and sends the target a fake Microsoft SharePoint link purportedly to a time-sensitive service agreement.
University HR Admin Impersonator Uses QR Code and Fake Microsoft Login Page in Credential Theft Attempt
Using official-sounding language, university branding, and a believable premise, an attacker attempts to steal sensitive information.
Attacker Compromises Legitimate Account and Embeds Phishing Link in Fake QuickBooks Payment Notification
Using a compromised email address, the threat actor sends a purposefully vague payment confirmation with an embedded phishing link.
Threat Actor Exploits Dynamics 365 Customer Voice in Phishing Attack Targeting Executive at Global Insurance Distributor
An attacker compromises an external account and embeds a phishing link in a Microsoft survey tool disguised as a document-sharing notification.
OpenSea Impersonator Creates Fake Landing Page in Sophisticated Credential Phishing Attack
After compromising a known domain, the attacker creates a fake landing page that mimics OpenSea’s official website and leverages social engineering to create a sense of urgency and persuade the target to take action.
Cleverly Designed Credential Phishing Attempt Impersonates Microsoft and Utilizes Authentic-Looking Fake Landing Page
Using a real domain as a mask, an attacker sends an image attachment with a QR code to entice the target to follow the link to reauthenticate MFA on a fake landing page.
Credential Phisher Utilizes Look-alike Domain and Fake Microsoft SharePoint Landing Page to Steal Sensitive Information
An attacker gets engagement from the target after discussing an RFQ and uses Microsoft survey forms to create a spoofed SharePoint link to appear legitimate.
Attacker Exploits Trusted Brands and Impersonates Financial Services Provider to Attempt Credential Phishing
In this credential phishing attack, the threat actor sends a fake invoice payment confirmation with a phishing link obscured using a URL shortener.
Threat Actor Impersonates Debt Collection Service and Threatens Legal Action to Compel Quick Payment
In this debt collection scam, the attacker sends a fraudulent final notice for a nonexistent debt and uses social engineering to create a sense of urgency.
AT&T Mail Impersonator Uses Google Slides to Mask Link to Phishing Site Disguised as Login Page
A threat actor sends an account expiration notification with a link to a Google Slides presentation containing an embedded phishing link.
Attacker Compromises Account to Send Malicious Link to Fake Microsoft Login Page Designed to Steal Sensitive Information
After compromising a pro-manchester email account, a threat actor uses Monograph to host a malicious link that sends the target to a fake Microsoft login page.
Canada Post Impersonator Uses Japanese Domain in Credential Theft Attempt
A threat actor spoofs a Japanese domain and impersonates Canada Post to prompt targets to click on a credential phishing link.
Attacker Compromises New Jersey Department of Health Email Account and Sends Fake Document with Masked Phishing Link
After compromising the account, an attacker creates a fake document purporting to be a faxed invoice that includes a masked phishing link.
Chase Bank Impersonator Utilizes Google Drive to Send Masked Phishing Link Embedded in PDF Attachment
By creating a sense of urgency around unauthorized account activity and using a display name that includes "Chase Bank," the attacker aims to compel the recipient to take action.
PayPal Impersonator Uses PandaDoc to Send Fake Document in Credential Theft Attempt
An attacker claims to be from PayPal investigating a fraudulent transaction and requests sensitive information from the target to complete a verification process.
Trust Wallet Impersonator Combines Email Spoofing and Social Engineering in Credential Phishing Attack
An attacker attempts credential theft by impersonating Trust Wallet and sending a phishing link disguised as an account verification page.
Multi-Layer Instagram Impersonator Creates Several Fake Landing Pages in Sophisticated Credential Phishing Attempt
An attacker informs the target about copyright infringement and provides a fake form and login page to steal login credentials.
Likely AI-Generated Credential Vishing Attack Features Impersonation of Walmart
An attacker attempts to create a sense of urgency and compel the target to call a fake customer service number by sending a bogus receipt for a recent iPhone purchase.
HR Impersonator Spoofs Healthcare Advisory Company to Attempt Credential Theft
Using a “two-bridge[.]com” domain as a mask, an attacker sends a credential phishing email disguised as an HR department update regarding approval of a new company handbook.
UPS Impersonator Uses Compromised Account in Credential Phishing Attempt
After compromising a legitimate domain, an attacker impersonates UPS and asks the recipient to verify shipping information via a phishing link.