Search the repository of unique attacks observed by the Abnormal Intelligence team.
Microsoft OneDrive Impersonator Spoofs Outlook Email and Creates Fake Login Page in Credential Phishing Attempt

After spoofing one of Microsoft’s real no-reply emails, an attacker sends an identical imitation of a OneDrive notification regarding recently deleted files, urging the target to take action.

Attacker Impersonates Cryptocurrency Service in Likely AI-Generated, Multi-Step Credential Theft Attempt

An attacker impersonates payment solutions provider Wirex using a convincing account verification email and branded phishing page to steal login credentials.

Multi-Step Vishing Attempt Features Impersonation of PayPal and McAfee

After spoofing a PayPal customer service email, an attacker sends a fraudulent notification regarding a bogus McAfee charge to compel the target to call a fake support center and cancel the transaction.

Likely AI-Generated Coinbase Impersonator Creates Fake Landing Page in Multi-Step Credential Phishing Attack

By mimicking Coinbase’s branding in both the email and landing page, an attacker attempts to create a sense of urgency around suspicious account activity and prompt immediate action from the target.

Attacker Exploits Google Sites and Uses Compromised Vendor Account to Spoof Docusign in Phishing Attempt

Leveraging a compromised external vendor account, an attacker sends a fake Docusign notification linked to a Google Sites page containing a phishing link to steal sensitive information.

DocuSign Impersonator Sends Bogus Tax-Related Email to Lure Target to Credential Phishing Website

By posing as a trusted brand and manufacturing a sense of urgency, an attacker hopes to deceive a target into providing sensitive information.

Threat Actor Convincingly Impersonates Employee Requesting Direct Deposit Update in Likely AI-Generated Attack

The attacker uses a Gmail account to send an email free of grammatical errors and with no malicious payloads to attempt payroll diversion.

Attacker Leverages Stealthy Lookalike Domain in Cunning $36 Million Invoice Fraud Attempt

Using a lookalike domain with a .cam suffix instead of .com, an attacker attempts to redirect a massive loan payment to a fraudulent LLC.

Attacker Compromises Vendor Account and Uses Confluence Page to Attempt Credential Theft

A threat actor masks a phishing link to a fake Microsoft login page in a Confluence notification sent from a compromised vendor account.

Threat Actor Poses as Vendor and Sends Fake QuickBooks Notification to Attempt Credential Theft

A threat actor fabricates a QuickBooks notification and sends a target a phishing link, purportedly to a password-protected overdue invoice.

Attacker Impersonates Lawyer and Attempts Payment Fraud Using Compromised Email Account

After compromising a lawyer’s Gmail account, an attacker builds rapport with the target by asking for help with paying a client before pivoting to a request for a larger transfer.

Threat Actor Compromises Account of Construction Project Manager and Uses Content-Sharing Platform to Send Fake RFP

An attacker attempts to trick a target into revealing sensitive information by using a compromised email account and a legitimate content-sharing platform.

Attacker Impersonates Company Admin in Clever Credential Phishing Attempt

A threat actor uses a fake message delivery failure notification and fabricated authentication processes to try to convince a target to reveal sensitive information.

Credential Phisher Uses Legitimate Email Marketing Platform to Send Fake Voicemail Alert

After compromising a Constant Contact account, the attacker impersonates a law firm and sends a fake voicemail notification to attempt credential theft.

Threat Actor Poses as Microsoft and Leverages Open Redirect in Clever Credential Phishing Attack

After registering a legitimate Microsoft-based email account, an attacker sends a fake Microsoft voicemail notification to deceive a target into entering sensitive information.

Attacker Uses Compromised Email to Send Fake Microsoft OneDrive Notification in Credential Phishing Attack

A threat actor exploits the reputation of an established domain to send an email with an embedded image of a fabricated file-sharing notification linked to a phishing page.

Microsoft Impersonator Uses Malicious QR Code in Credential Phishing Attack

An attacker emails a fake password expiration notification with a malicious QR code linked to a phishing site.

PayPal Impersonator Uses Bogus Claim of Pending Refund in Fake Billing Scam

An attacker creates an email designed to imitate communications from PayPal and attempts to coerce a target into sending money as part of a refund scheme.

Malware Attack Features Impersonation of Attorney and Malicious Attachment Disguised as Subpoena

An attacker impersonates a real lawyer and sends a malware-infected HTML attachment which the threat actor claims is a subpoena needing review.

PayPal Impersonator Uses Spoofed Email Hosted on Legitimate Domain to Attempt Credential Theft

An attacker mimics PayPal branding and uses an Outlook address with a spoofed sender name to compel a target to click a malicious link.
