This BEC attack impersonated a company COO using a free webmail account registered using the COO’s name to request an employee purchase gift cards to reward employee performance.
This BEC attack impersonated a company executive using a free Estonian email account to request that a payment be sent to a new independent contractor.
This payload-based credential phishing attack targeted an executive posing as an attached document needing review before receiving a company bonus.
This attack impersonates an accountant at a third-party supplier to request an outstanding payment to an alternate account due to a supposed outbreak of COVID-19 and monkeypox.
This German-language attack targets a CFO impersonating the company CEO to request internal bank account details and a large outgoing payment.
This phishing attack impersonates Microsoft using a password expiration theme to steal credentials via a malicious link.
This attack impersonates a company CEO to request a file containing a list of legal settlements that are pending payments.
This Swedish-language BEC attack impersonates a company executive to request payment for an outstanding invoice referenced in a fake email chain.
This attack impersonates the Australian Taxation Office with a payment transfer theme and asks the recipient to validate their identity by leading them to a phishing page contained within an HTML attachment.
This attack impersonates Wells Fargo using a spoofed email address and a home mortgage payoff theme to steal credentials via an HTML attachment.
A spoofed email impersonates a settlement release in order to trick recipients into opening a phishing attachment.
An attacker uses foreign character insertion in the email subject to send a request to connect via phone, likely for the purpose of purchasing gift cards.
An old email thread is hijacked and used to send a link to likely malware payload.
Fake invoice for a cryptocurrency purchase through PayPal is used to get email recipients to reach out via phone and likely download malware.
An attacker posing as a vendor attempts to solicit overdue payments by using a lookalike email address.
Attackers impersonate the human resources team to inform employees of salary increases, luring them to follow phishing links.
Attackers ask to update bank account details for an employee, using a spoofed email address to avoid detection.
An attacker email containing an image of an Adobe Acrobat fax link leads to a phishing website hosted on Dropbox infrastructure.
Attackers impersonate the HR department to deliver an updated Employee Benefits Eligibility Policy as part of a credential phishing attack.
Attackers impersonate Accounts Payable to deliver a payroll remittance attachment that contains malware.