Search the repository of unique attacks observed by the Abnormal Intelligence team.
Compromised Account Used in Attempt to Siphon Nearly $4M Worth of Invoices

An attacker gains access to a compromised account and attempts to redirect large invoices to a new offshore bank.

Attacker Impersonates Apple to Request Billing Details

Using a cleverly disguised no-reply domain, an attacker poses as Apple customer support in an attempt to get billing details and other sensitive information.

Lookalike Domain with Single Letter Change Used for $82,000 Invoice Fraud

An attacker changes one letter of a domain to a similar-looking letter in an attempt to redirect a large invoice.

Attacker Posing as Vendor Requests Early Payment of $240,000 Invoice

Using a lookalike domain, an attacker uses conversational language in a fake billing scam.

Attacker Uses Lookalike Domain to Attempt Receipt of $621,000 Invoice

By removing a single letter in the sending domain to still appear legitimate, an attacker attempts to redirect a large invoice.

Attacker Follows Up On Unpaid $132,000 Invoice Using Compromised Vendor Account

After a vendor account is compromised, an attacker references unpaid invoices and utilizes lookalike domains to attempt payment fraud.

Multiple Employees Engage with a Compromised Vendor Account Requesting New Banking Details

An attacker hijacks an email account and communicates with two employees who are unaware the account has been compromised.

$45,000 Wire Transfer Fraud Attempt from Compromised Vendor Account

This attack uses a compromised vendor account and cc’s lookalike domains in an attempted wire transfer fraud.

Sophisticated Attacker Targets Employees for $94,000 Fraud Attempt

By employing a look-alike domain name, an attacker attempts to redirect a large invoice totaling nearly $100k.

Ivy League Health Director Compromised in Monkeypox Scare Spoof

By leveraging a recent public health crisis and targeting universities, the attacker hopes to elicit immediate action and steal email credentials.

Seized Funds Phishing Attempt via JP Morgan Chase & Co Impersonation

This attack features an impersonation by a well-known bank that attempts to steal account credentials.

Attack Spoofs Debt Relief Agency and Impersonates Attorney

This attack features an impersonation of an attorney on behalf of a debt relief agency in an attempt to receive a $1,000 payment.

Zelle Impersonation Attack Targets Branch Manager

A popular money transferring service is impersonated in an attempted extortion.

Attacker Requests £61,000 Using Compromised Vendor Account with Lookalike Email Cc'ed

Attackers hijack an ongoing thread and create a lookalike domain to continue the conversation as part of an invoice fraud attack.

Attempted Payment Fraud Using Lookalike Domain and Real Invoices Targets Manufacturing Company

Attackers pose as existing vendors and use lookalike domain and real invoices in attempt to fraudulently update payment information.

Phishing Attack Disguised as Notification Informing VP Storage Capacity Limit Exceeded

Attackers disguise phishing email to VP at financial institution as notification that full storage capacity has been reached and emails will no longer be delivered.

Fake Email Account Deactivation Notice with Phishing Link Targeting Online Retailer

Attackers pose as the internal support team at an online retailer and claim the recipient's email account has been queued for deactivation in an attempt to steal credentials or install malware.

Brand Impersonation Phishing Attack Targets VIP Using Fake Zoom Meeting Invite

This phishing attack leverages brand impersonation in an attempt to trick a VIP into clicking on a phishing link disguised as a Zoom meeting invite.

Phishing Attack Impersonates Real Estate Agent Sending Fake Document Notification to Lawyer

This phishing attack impersonated a real estate agent using dotloop, a real estate transaction management software, to trick the recipient into visiting a phishing website.

Attacker Impersonates Partner at Venture Capital Firm to Execute Payroll Diversion

This payroll diversion attack impersonated a partner at a venture capital firm inquiring about how to update direct deposit information to a new bank.


Attack Type

Impersonated Party

Impersonated Brand

Attack Goal

Attack Vector

Attack Tactic

Attack Theme

Attack Language