Attack Library
Attack Uses Fake OneNote Attachment to Deliver Malware
This attack posted as a shared settlement document containing a malicious OneNote (.ONE) attachment to deliver malware.
Phishing Attack Uses Pretext of Shared Tax Documents to Steal Employee Credentials
This link-based attack incorporated a fake file attachment posing as shared tax documents that led to a phishing page meant to steal email credentials across multiple email providers.
Email Posing as Request for Tax Help Pivots from Response-based to Link-based Attack to Deliver Malware
This attack posed as a prospective client requesting assistance on tax returns that was used to deliver malware via a malicious link in a follow-up message.
BEC Attack Poses as a Factoring Company to Request Aging Report with Customer Payment Information
This BEC attack impersonated an external factoring company using a free webmail account with a customized impersonation username to request a copy of an updated aging report containing customer payment and contact information.
BEC Attack Targets Head of Human Resources to Request Copies of Employee W-2s
This BEC attack impersonated the company CEO using multiple free webmail accounts to request a copy of all employee W-2s.
Email Poses as an Incoming ACH Payment with HTML Attachment Leading to Branded Credential Phishing Page
This payload-based attack posed as a fake incoming ACH payment masked as an automated email from an internal company system, which contained an HTML attachment that led to a branded phishing page intended to steal the recipient’s credentials.
Hungarian BEC Attack Impersonates Executive to Request a Payment to a Fake UK Company
This Hungarian-language BEC attack impersonated a company executive using a freely-available Gmail account to request a payment to be sent to a fictitious company located in the United Kingdom.
Phishing Attack Steals Credentials by Imitating HR Request to Review New Employee Handbook
This link-based attack imitated a company human resources email that announced the release of a new employee handbook, which included a link to a phishing page meant to steal an employee’s name and email credentials.
Payload Credential Phishing Attack Poses as an HR Announcement About New Employee Benefits
This payload-based phishing attack posed as an announcement from the company human resources team about updates to the company’s employee benefits package and requested the recipient review a supposed updated handbook, which actually opened a phishing page to steal account credentials.
French-language BEC Attack Impersonates Executive Requesting Assistance in a Corporate Acquisition
This French-language BEC attack impersonated a company executive using a free webmail account created with a lookalike username to request assistance making a payment that was supposedly part of a corporate acquisition.
BEC Attack Impersonates a CEO Using a Combination of a Spoofed Email Address and Reply-to Address with a Mirrored Username
This BEC attack impersonated a company CEO using a combination of a spoofed email address and an account hosted on a malicious domain created with a username matching the CEO’s to request a fraudulent payment.
Extortion Attack Impersonates French Law Enforcement and Europol
This extortion attack impersonated French law enforcement and Europol to attempt to coerce a target into contacting a secondary email address using threats of arrest and media exposure.
BEC Attack Impersonates Distribution Supplier and Offers Discount as an Incentive for Quick Payment
This BEC attack impersonated an external distribution partner using a compromised account and encrypted email service to inquire about outstanding payments, update payment account information, and offer a discount as a quick payment incentive.
Italian-language BEC Attack Attempts to Divert Executive's Paycheck
This Italian-language BEC attack impersonated a company executive to request an update to their payroll account information that would divert future paychecks to a fraudulent account.
Response-based Phishing Attack Impersonates CFO to Compromise Australian myGov Credentials
This attack impersonated a company CFO using a pretext of employee rewards and recognition to solicit a response leading to a request for Australian myGov credentials.
Credential Phishing Attack Poses as an Automated Aging Report Notification
This payload-based attack posed as an aging report being shared by an automated internal system that contained an HTML attachment leading to a credential phishing page.
Blind Third Party Attack Impersonates Eurocontrol to Solicit Fraudulent Payment
This BEC attack impersonated Eurocontrol using a spoofed email address and a lookalike domain to pressure a target into sending a fraudulent payment for a supposed overdue payment.
Debt Collection Extortion Attack Threatens Legal Action
This extortion attack impersonated a debt collection company to try and pressure the recipient into sending a fraudulent payment to fulfill an outstanding debt by threatening legal action.
Impersonated CFO Requests Monero as a Payment for Debts Owed to a Creditor
This BEC attack impersonated a company CFO to request a payment to be made using Monero to fulfill supposed debts owed to a creditor.
Holiday-Themed BEC Attack Impersonates Executive Using Fake Email Thread to Request Overdue Payment to Third-Party Vendor
This holiday-themed BEC attack impersonated a company executive using a maliciously-registered domain to request a supposedly outstanding payment be made to a third-party vendor referenced in a fake email thread.