The Abnormal Attack Vault
Executive Impersonated in Aging Report Theft
Attackers impersonate an executive to request that an aging report be sent, complete with invoice numbers, payment terms, and client information.
Executive Impersonated in LinkedIn Overdue Payment Request
Attackers impersonate an executive to bolster the validity of a fraudulent invoice in this double-phased attack.
Executive Impersonation Used to Elicit Secrecy in Employee Surprise
Attackers impersonate an executive and rely on human willingness to help in order to request a surprise appreciation gift for the team.
Executive Impersonated in Payroll Diversion Scheme
Cybercriminals impersonate an executive and target the payroll administrator in an ask to update direct deposit information to a bank account owned by the attacker.
Vendor Impersonated with Hijacked Email Thread to Steal Payments
Attackers impersonate a vendor using a hijacked email thread and a lookalike domain to request payment for a fraudulent invoice worth nearly $10,000.
Executive Impersonated in Legal Matter to Request Overdue Payment
Attackers impersonate an executive and use a fake email chain to request an overdue payment of over £65,000, adding information about a fake legal case to increase the urgency to pay.
Dutch Executive Impersonation Payment Fraud BEC Attack
This text-based Dutch-language BEC attack impersonates an executive using a personalized email subject, a spoofed display name, and a free webmail account to request a fraudulent payment.
Fake Document Link-based Malware Attack
This link-based attack uses a hijacked email thread and a fake document theme to deliver malware.
Norton Fake Payment Receipt Fake Billing Scam
This text-based fake billing scam impersonates Norton using a content obfuscation via image and a fake payment receipt theme.
DHL Fake Shipping Notification HTML Attachment Credential Phishing Attack
This payload-based attack impersonates DHL using a free webmail account and a fake shipping notification theme to steal credentials.
Expired Account Credential Phishing Attack
This link-based attack uses a personalized email subject, a maliciously registered domain, and an expired account theme to steal credentials.
Executive Impersonation Payment Fraud BEC Attack
This text-based BEC attack impersonates an executive using a spoofed email address, a matching malicious domain username, and a maliciously registered domain to request a fraudulent payment.
Executive Impersonation Aging Report Theft BEC Attack
This text-based BEC attack impersonates an executive using a personalized email subject, a maliciously registered domain, and a spoofed display name to request a copy of an aging report.
Executive Impersonation Payroll Diversion BEC Attack
This text-based BEC attack impersonates an executive using a spoofed display name and a free webmail account to divert payroll deposits to a fraudulent account.
Dutch Executive Impersonation Gift Card Request BEC Attack
This text-based Dutch-language BEC attack impersonates an executive using a personalized email subject, a cell phone number request, a spoofed display name, and a free webmail account to request the purchase of gift cards.
Payment Inquiry Credential Phishing Attack
This link-based attack impersonates a vendor/supplier using an external compromised account and a payment inquiry theme to steal credentials.
Vendor Impersonation Payment Inquiry Credential Phishing Attack
This text-based attack impersonates a vendor/supplier using a look-alike domain, a spoofed display name, and a payment inquiry theme to steal credentials.
Fake Invoice Credential Phishing Attack
This link-based attack impersonates a vendor/supplier using an external compromised account and a fake invoice theme to steal credentials.
Vendor Impersonation Payment Inquiry BEC Attack
This text-based BEC attack impersonates a vendor/supplier using a look-alike domain and a payment inquiry theme to request a fraudulent payment.
German Executive Impersonation Gift Card Request BEC Attack
This text-based German-language BEC attack impersonates an executive using a spoofed display name and a free webmail account to request the purchase of gift cards.