Search the repository of unique attacks observed by the Abnormal Intelligence team.
Microsoft Impersonator Uses Malicious QR Code in Credential Phishing Attack

An attacker emails a fake password expiration notification with a malicious QR code linked to a phishing site.

PayPal Impersonator Uses Bogus Claim of Pending Refund in Fake Billing Scam

An attacker creates an email designed to imitate communications from PayPal and attempts to coerce a target into sending money as part of a refund scheme.

Malware Attack Features Impersonation of Attorney and Malicious Attachment Disguised as Subpoena

An attacker impersonates a real lawyer and sends a malware-infected HTML attachment which the threat actor claims is a subpoena needing review.

PayPal Impersonator Uses Spoofed Email Hosted on Legitimate Domain to Attempt Credential Theft

An attacker mimics PayPal branding and uses an Outlook address with a spoofed sender name to compel a target to click a malicious link.

Vendor Impersonation Attack Utilizes Salesforce Link in Attempt to Steal Sensitive Information

After compromising a vendor’s domain, an attacker attempts to compel a target to click a phishing link disguised as a shared document.

Attacker Compromises Personal Webmail Account to Establish Trust Before Attempting a Scam

By disguising themselves behind a compromised personal webmail account, a threat actor hopes to first build a rapport with a target before executing the next stage of the attack.

Microsoft Impersonator Spoofs Voicemail Service and Uses QR Code in Attempted Credential Theft

By crafting an email that resembles a voicemail notification from Microsoft, an attacker hopes the target will scan a malicious QR code that leads to a credential phishing website.

Attacker Utilizes Calendar Attachment and Fake Cryptocurrency Payment to Spread Malware

An attacker sends a fake confirmation of Bitcoin payment to trick the recipient into downloading a malicious ICS file.

Threat Actor Impersonates Executive and Uses Fabricated Email Thread to Attempt Payment Fraud

An attacker creates a fake conversation between a vendor and an executive to make it appear that the executive is authorizing an ACH payment for an outstanding invoice.

Attacker Poses as Company Executive and Attempts to Establish Trust to Exploit for Future Financial Crimes

By discussing sensitive topics and establishing a rapport, an attacker hopes to convince a target to comply with fraudulent requests in the future.

Adobe Acrobat Sign Impersonator Sends Fake Document Notification Linked to Branded Office 365 Phishing Page

An attacker attempts to steal sensitive information using a fraudulent electronic signature request for a nonexistent NDA.

Attacker Uses Spoofed Domain to Send Fake Voicemail Notification Linked to Phishing Page

An attacker mimics a voice messaging service to lure a target to enter login credentials on a counterfeit landing page.

QuickBooks Impersonator Uses Look-Alike Domain in Cleverly Designed Credential Vishing Attempt

After maliciously registering a similar domain, an attacker tries to steal sensitive information by sending a fraudulent account cancellation notice with a fake customer service phone number.

Threat Actor Sends Fake DocuSign Notification of Payroll and Benefits Update in QR Code Phishing Attack

An attacker attempts credential theft via a PDF attachment with DocuSign branding containing a QR code linked to a phishing site impersonating a Microsoft login page.

Attacker Uses Compromised Vendor Account to Hijack Conversation and Attempt Payment Fraud

After breaking into a vendor’s email account, an attacker creates a look-alike domain to send a large invoice and discuss rerouting payments to a new bank account.

IRS Impersonator Sends Fake eFax Notification Regarding Tax Documents to Attempt Credential Theft

An attacker capitalizes on the inherent urgency of tax season and attempts to trick a target into clicking a malicious JPG to view purported tax documents.

Capital One Impersonator Creates Authentic-Looking Landing Page in Credential Phishing Attempt

Using a legitimate sending domain as a mask and a spoofed display name, an attacker pretends to be from Capital One’s customer service team to steal login credentials.

Vendor Impersonator Uses Cleverly-Designed Fake Microsoft Excel Spreadsheet to Attempt Credential Theft

After spoofing a legitimate domain, an attacker uses a fake password-protected financial document to steal sensitive information.

Threat Actor Launches Vendor Email Compromise Attack to Reroute Invoice Payments

After breaking into a vendor’s email account, an attacker uses official-sounding language to mimic legitimate communications and attempt payment fraud.

Likely AI-Generated United Nations Impersonator Attempts Credential Vishing Using $3.5 Million Payout as Lure

In a modern twist on the classic “Nigerian Prince” scam, an attacker poses as a UN employee to establish trust and compel the target to contact them via the provided phone number.

Filters

Attack Type

Impersonated Party

Impersonated Brand

Attack Goal

Attack Vector

Attack Tactic

Attack Theme

Attack Language

AI-Generated

See How Abnormal Stops Emerging Attacks

See a Demo