A threat actor exploits the reputation of an established domain to send an email with an embedded image of a fabricated file-sharing notification linked to a phishing page.
An attacker creates an email designed to imitate communications from PayPal and attempts to coerce a target into sending money as part of a refund scheme.
By disguising themselves behind a compromised personal webmail account, a threat actor hopes to first build a rapport with a target before executing the next stage of the attack.
By crafting an email that resembles a voicemail notification from Microsoft, an attacker hopes the target will scan a malicious QR code that leads to a credential phishing website.
An attacker creates a fake conversation between a vendor and an executive to make it appear that the executive is authorizing an ACH payment for an outstanding invoice.
After maliciously registering a similar domain, an attacker tries to steal sensitive information by sending a fraudulent account cancellation notice with a fake customer service phone number.
An attacker attempts credential theft via a PDF attachment with DocuSign branding containing a QR code linked to a phishing site impersonating a Microsoft login page.
After breaking into a vendor’s email account, an attacker creates a look-alike domain to send a large invoice and discuss rerouting payments to a new bank account.
An attacker capitalizes on the inherent urgency of tax season and attempts to trick a target into clicking a malicious JPG to view purported tax documents.
Using a legitimate sending domain as a mask and a spoofed display name, an attacker pretends to be from Capital One’s customer service team to steal login credentials.
After breaking into a vendor’s email account, an attacker uses official-sounding language to mimic legitimate communications and attempt payment fraud.