Search the repository of unique attacks observed by the Abnormal Intelligence team.
BEC Attack Impersonates Distribution Supplier and Offers Discount as an Incentive for Quick Payment

This BEC attack impersonated an external distribution partner using a compromised account and encrypted email service to inquire about outstanding payments, update payment account information, and offer a discount as a quick payment incentive.

Italian-language BEC Attack Attempts to Divert Executive's Paycheck

This Italian-language BEC attack impersonated a company executive to request an update to their payroll account information that would divert future paychecks to a fraudulent account.

Response-based Phishing Attack Impersonates CFO to Compromise Australian myGov Credentials

This attack impersonated a company CFO using a pretext of employee rewards and recognition to solicit a response leading to a request for Australian myGov credentials.

Credential Phishing Attack Poses as an Automated Aging Report Notification

This payload-based attack posed as an aging report being shared by an automated internal system that contained an HTML attachment leading to a credential phishing page.

Blind Third Party Attack Impersonates Eurocontrol to Solicit Fraudulent Payment

This BEC attack impersonated Eurocontrol using a spoofed email address and a lookalike domain to pressure a target into sending a fraudulent payment for a supposed overdue payment.

Debt Collection Extortion Attack Threatens Legal Action

This extortion attack impersonated a debt collection company to try and pressure the recipient into sending a fraudulent payment to fulfill an outstanding debt by threatening legal action.

Impersonated CFO Requests Monero as a Payment for Debts Owed to a Creditor

This BEC attack impersonated a company CFO to request a payment to be made using Monero to fulfill supposed debts owed to a creditor.

Holiday-Themed BEC Attack Impersonates Executive Using Fake Email Thread to Request Overdue Payment to Third-Party Vendor

This holiday-themed BEC attack impersonated a company executive using a maliciously-registered domain to request a supposedly outstanding payment be made to a third-party vendor referenced in a fake email thread.

Multi-Stage Credential Phishing Attack Uses Office365-themed PDF Attachment and Legitimate Adobe Hosting Infrastructure

This payload-based attack contained a Office365-themed PDF attachment with an embedded link to a legitimate Adobe page, which included another link to a final credential phishing page.

Vendor Impersonation BEC Attack Uses Modified Legitimate Invoice to Solicit Fraudulent Payment

This BEC attack impersonated a third-party vendor to request a fraudulent payment using modified legitimate invoice and a look-alike domain that was very similar to the vendor’s legitimate domain.

Spanish-language BEC Attack Solicits Million Dollar Payment Using an Acquisition Theme

This Spanish-language BEC attack impersonating a company executive used the pretext of an acquisition of a foreign company and the introduction of a second persona to attempt to coerce an employee into sending a nearly $1 million payment.

Credential Phishing Attack Poses as a Security Update to Enable End-to-End Encryption

This link-based credential phishing attack disguised itself as a security update to add end-to-end encryption on all employee devices.

TeamViewer Lookalike Site from Fake Bill Leads to Malware Download

This link-based attack hijacked an email thread from a compromised account to deliver a link leading to a fake TeamViewer page which attempts to download malware.

Attack Impersonating Compromised Third-Party to Share Document Leads to OneDrive Phishing Page

This link-based attack exploited the compromised account of an external third-party to make it appear that a vendor was sharing a link to a document about new dues, when the link actually led to a OneDrive phishing page to steal credentials.

Extortion Attack Claims to Have Installed Malware as a Pretext to Demand Bitcoin

This extortion attack, sent from a self-addressed spoofed email address, claimed to have installed a RAT on the recipient’s computer and demanded $950 in bitcoin in exchange for the attacker not releasing supposedly explicit videos of the recipient.

Gift Card BEC Attack Incorporates Christmas Gift Theme

This BEC attack impersonated an executive to ask the recipient to purchase prepaid cards for company employees as a holiday gift.

Third Party Reconnaissance Attack Targets Accounts Payable Team to Redirect Future Vendor Payments

This third party reconnaissance BEC attack impersonated a vendor’s accounting manager to request an update to the vendor’s bank account on file and redirect future payments to a fraudulent account.

Payroll Diversion BEC Attack Uses Foreign Character Substitution to Obfuscate Text

This BEC attack impersonated a team manager to attempt to divert the employee’s payroll direct deposit using an email that obfuscated its content using foreign character substitution.

Credential Phishing Attack Masquerades as an Employee Training Invoice

This payload-based credential phishing email employed bypass tactics, including a hidden sender address and obfuscated text, to pose as an invoice for employee training.

Credential Phishing Attack Poses as a Location-based Security Alert

This payload-based credential phishing attack sent from a self-addressed spoofed email address posed as a security alert, indicating the user’s data had been accessed from a suspicious location and an HTML attachment needed to be reviewed or else their account would be locked.


Attack Type

Impersonated Party

Impersonated Brand

Attack Goal

Attack Vector

Attack Tactic

Attack Theme

Attack Language