Attack Library
Fake Billing Scam Leverages Look-alike Domain to Send Fraudulent $1,000,000 Invoice
Using a look-alike domain, an attacker impersonates a vendor and sends a remittance request for a fake invoice totaling nearly $1,000,000.
Attacker Provides Bogus Contact Info to Boost Credibility in Fake Loan Offer Scam Targeting Students
After spoofing a legitimate email address, a threat actor sends university students a fraudulent offer for loan services and includes seemingly accurate contact information.
Vendor Impersonator Uses Fake Invoice Notification In Credential Theft Attempt
By compromising a legitimate domain, an attacker hopes to entice the target to a credential phishing website where sensitive information like payment details can be stolen.
Disney+ Impersonator Creates Multi-Stage Vishing and Fake Billing Scam Attack Using Personalized Attachments
An attacker uses a look-alike domain and Disney+ branding to trick a target into calling a fake customer service phone number related to a new Disney+ subscription.
Phisher Impersonates Amazon and Reports Issue with Prime Membership to Prompt Target to Share Sensitive Information
Threat actor attempts to fraudulently obtain credentials and/or payment details using Amazon-branded PDF containing an embedded phishing link.
DHL Impersonator Spoofs Legitimate Domain to Send Fake Failed Shipment Notification in Phishing Attack
An attacker attempts to steal sensitive information by encouraging the recipient to use a masked phishing link to update their shipping address for a pending delivery.
Threat Actor Spoofs Legitimate Domain in Dual Credential Phishing Attack and Fake Billing Scam
An attacker attempts to steal login credentials and also reroute payments by sharing a fraudulent invoice behind a fake Adobe Acrobat login screen.
HR Impersonator Provides Fake Payroll Update in Credential Theft Attempt
By creating a sense of urgency and using official-sounding language, an attacker attempts to compel the target to click a phishing link purportedly related to payroll updates.
NDM Hospitality Impersonator Hijacks Email Thread in Convincing Credential Phishing Attack
An attacker compromises a vendor account and sends the target a fake Microsoft SharePoint link purportedly to a time-sensitive service agreement.
University HR Admin Impersonator Uses QR Code and Fake Microsoft Login Page in Credential Theft Attempt
Using official-sounding language, university branding, and a believable premise, an attacker attempts to steal sensitive information.
Attacker Compromises Legitimate Account and Embeds Phishing Link in Fake QuickBooks Payment Notification
Using a compromised email address, the threat actor sends a purposefully vague payment confirmation with an embedded phishing link.
Threat Actor Exploits Dynamics 365 Customer Voice in Phishing Attack Targeting Executive at Global Insurance Distributor
An attacker compromises an external account and embeds a phishing link in a Microsoft survey tool disguised as a document-sharing notification.
OpenSea Impersonator Creates Fake Landing Page in Sophisticated Credential Phishing Attack
After compromising a known domain, the attacker creates a fake landing page that mimics OpenSea’s official website and leverages social engineering to create a sense of urgency and persuade the target to take action.
Cleverly Designed Credential Phishing Attempt Impersonates Microsoft and Utilizes Authentic-Looking Fake Landing Page
Using a real domain as a mask, an attacker sends an image attachment with a QR code to entice the target to follow the link to reauthenticate MFA on a fake landing page.
Credential Phisher Utilizes Look-alike Domain and Fake Microsoft SharePoint Landing Page to Steal Sensitive Information
An attacker gets engagement from the target after discussing an RFQ and uses Microsoft survey forms to create a spoofed SharePoint link to appear legitimate.
Attacker Exploits Trusted Brands and Impersonates Financial Services Provider to Attempt Credential Phishing
In this credential phishing attack, the threat actor sends a fake invoice payment confirmation with a phishing link obscured using a URL shortener.
Threat Actor Impersonates Debt Collection Service and Threatens Legal Action to Compel Quick Payment
In this debt collection scam, the attacker sends a fraudulent final notice for a nonexistent debt and uses social engineering to create a sense of urgency.
AT&T Mail Impersonator Uses Google Slides to Mask Link to Phishing Site Disguised as Login Page
A threat actor sends an account expiration notification with a link to a Google Slides presentation containing an embedded phishing link.
Attacker Compromises Account to Send Malicious Link to Fake Microsoft Login Page Designed to Steal Sensitive Information
After compromising a pro-manchester email account, a threat actor uses Monograph to host a malicious link that sends the target to a fake Microsoft login page.
Canada Post Impersonator Uses Japanese Domain in Credential Theft Attempt
A threat actor spoofs a Japanese domain and impersonates Canada Post to prompt targets to click on a credential phishing link.