Search the repository of unique attacks observed by the Abnormal Intelligence team.
Attacker Impersonates Partner at Venture Capital Firm to Execute Payroll Diversion

This payroll diversion attack impersonated a partner at a venture capital firm inquiring about how to update direct deposit information to a new bank.

Attacker Impersonates Attorney and Sends Fake Dropbox File Transfer Notification to Deliver Malware

This malware attack impersonated a real attorney at a real firm using Dropbox to transfer a file purported to be a contract that is likely malicious.

Fake Payment Message Leads to Malware Infected ZIP File Download

Attackers trick recipients into opening a ZIP file containing malware by stating that the file contains payment information for a recent purchase.

Danish BEC Attack Impersonates CEO to Request Gift Cards

This Danish-language BEC attack impersonated a company CEO to request the purchase of iTunes gift cards.

BEC Attack Impersonates Vendor to Request Account Update Using Fake Bank Authorization Letter

This BEC attack impersonated a vendor using a lookalike domain and fake bank authorization letter to request an update to their payment account information.

Credential Phishing Attack Poses as a Secure Message Shared by the IRS

This link-based attack impersonated the IRS using the pretext of sharing a secure ShareFile message that led to a phishing site designed to steal email credentials.

Phishing Attack Impersonating FedEx Steal Personal and Financial Data Using Captcha Protection and MFA Bypass

This phishing attack impersonated FedEx using a fake shipping notification pretext to direct a recipient to a captcha-protected phishing page created to steal personal and financial information using MFA bypass tactics.

Fake Billing Scam Poses as a Receipt for a Quickbooks License Upgrade

This fake billing scam posed as a receipt for an upgraded Quickbooks license to get the recipient to reach out via phone and likely coerce them into installing malware.

Italian-Language Aging Report Theft BEC Attack Impersonates Company Executive

This Italian-language BEC attack impersonated a company executive to request a list of customers and their overdue balances.

Attack Uses Fake OneNote Attachment to Deliver Malware

This attack posted as a shared settlement document containing a malicious OneNote (.ONE) attachment to deliver malware.

Phishing Attack Uses Pretext of Shared Tax Documents to Steal Employee Credentials

This link-based attack incorporated a fake file attachment posing as shared tax documents that led to a phishing page meant to steal email credentials across multiple email providers.

Email Posing as Request for Tax Help Pivots from Response-based to Link-based Attack to Deliver Malware

This attack posed as a prospective client requesting assistance on tax returns that was used to deliver malware via a malicious link in a follow-up message.

BEC Attack Poses as a Factoring Company to Request Aging Report with Customer Payment Information

This BEC attack impersonated an external factoring company using a free webmail account with a customized impersonation username to request a copy of an updated aging report containing customer payment and contact information.

BEC Attack Targets Head of Human Resources to Request Copies of Employee W-2s

This BEC attack impersonated the company CEO using multiple free webmail accounts to request a copy of all employee W-2s.

Email Poses as an Incoming ACH Payment with HTML Attachment Leading to Branded Credential Phishing Page

This payload-based attack posed as a fake incoming ACH payment masked as an automated email from an internal company system, which contained an HTML attachment that led to a branded phishing page intended to steal the recipient’s credentials.

Hungarian BEC Attack Impersonates Executive to Request a Payment to a Fake UK Company

This Hungarian-language BEC attack impersonated a company executive using a freely-available Gmail account to request a payment to be sent to a fictitious company located in the United Kingdom.

Phishing Attack Steals Credentials by Imitating HR Request to Review New Employee Handbook

This link-based attack imitated a company human resources email that announced the release of a new employee handbook, which included a link to a phishing page meant to steal an employee’s name and email credentials.

Payload Credential Phishing Attack Poses as an HR Announcement About New Employee Benefits

This payload-based phishing attack posed as an announcement from the company human resources team about updates to the company’s employee benefits package and requested the recipient review a supposed updated handbook, which actually opened a phishing page to steal account credentials.

French-language BEC Attack Impersonates Executive Requesting Assistance in a Corporate Acquisition

This French-language BEC attack impersonated a company executive using a free webmail account created with a lookalike username to request assistance making a payment that was supposedly part of a corporate acquisition.

BEC Attack Impersonates a CEO Using a Combination of a Spoofed Email Address and Reply-to Address with a Mirrored Username

This BEC attack impersonated a company CEO using a combination of a spoofed email address and an account hosted on a malicious domain created with a username matching the CEO’s to request a fraudulent payment.


Attack Type

Impersonated Party

Impersonated Brand

Attack Goal

Attack Vector

Attack Tactic

Attack Theme

Attack Language