In this attack, the threat actor sent the VP of a financial institution a fake notification that the recipient had exceeded his storage capacity and needed to clear his cache immediately to continue sending and receiving messages.

The email contains an embedded link to clear the cache, which, if clicked, would redirect the recipient to a potentially malicious website.

How Does This Attack Bypass Email Defenses?

As the attack is text-based and includes no known malicious URL or domain, typical email defenses struggle to determine malicious intent. The email was sent from an internal email address, and all authentication checks for SPF, DKIM, and DMARC passed.

How Can This Attack Be Detected?

As the email appears to be sent from an internal email address, typical email defenses are not able to detect malicious intent. Business owners need to implement a comprehensive approach to email security, including training employees on identifying phishing attacks, adopting advanced email security solutions, and staying current with threat trends. By investing in robust security measures and educating employees, businesses can prevent phishing attacks and safeguard sensitive data.
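Because sender authentication passes in this scenario, detection has to rely on the content of the message. The following sketch is an added example, not part of the original report: it flags a message from an internal sender that combines storage-quota lure language with a link to a host outside the organization. The organization domain, the phrase list, and the sample message are all constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

ORG_DOMAIN = "example-bank.test"  # assumption: the organization's own mail domain
# Assumed phrase list for the storage-quota lure; tune it to your own mail flow.
LURE_PATTERNS = [r"storage (capacity|quota|limit)", r"clear (your |the )?cache",
                 r"exceeded (your|the) (storage|mailbox)", r"\bimmediately\b"]

# Constructed sample message, not the email from the incident.
SAMPLE = """\
From: IT Helpdesk <helpdesk@example-bank.test>
To: vp@example-bank.test
Subject: Mailbox storage capacity exceeded
Authentication-Results: mx.example-bank.test; spf=pass; dkim=pass; dmarc=pass
Content-Type: text/plain

You have exceeded your storage capacity. Clear your cache immediately
to continue sending and receiving messages:
https://storage-cleanup.example.net/clear?u=vp
"""

def is_org_host(host, org=ORG_DOMAIN):
    host = (host or "").lower().rstrip(".")
    return host == org or host.endswith("." + org)

def analyze(raw, org=ORG_DOMAIN):
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part else ""
    sender_ok = is_org_host(parseaddr(str(msg["From"]))[1].rpartition("@")[2], org)
    auth = str(msg.get("Authentication-Results", "")).lower()
    auth_pass = all(f"{m}=pass" in auth for m in ("spf", "dkim", "dmarc"))
    lures = [p for p in LURE_PATTERNS if re.search(p, body, re.I)]
    hosts = {urlparse(u).hostname for u in re.findall(r"https?://[^\s<>\"']+", body)}
    external = sorted(h for h in hosts if h and not is_org_host(h, org))
    # Authentication results are reported but kept out of the verdict:
    # the message described above passed SPF, DKIM, and DMARC.
    suspicious = sender_ok and len(lures) >= 2 and bool(external)
    return {"internal_sender": sender_ok, "auth_pass": auth_pass,
            "lure_hits": lures, "external_links": external,
            "suspicious": suspicious}

if __name__ == "__main__":
    print(analyze(SAMPLE))
```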

What are the Risks of This Attack?

If the recipient had followed the embedded link in the email and visited the fraudulent website, they could inadvertently grant access to their emails and potentially sensitive information. This could result in unauthorized access to confidential information, potential data breaches, and reputational damage.

Analysis Overview

Vector

Text-based
Link-based

Goal

Malware Delivery
Credential Theft

Tactic

Personalized Email Subject
Free Webmail Account
Spoofed Email Address
Legitimate Hosting Infrastructure

Theme

Account Update
