Attack Library
Threat Actor Poses as Vendor and Sends Fake QuickBooks Notification to Attempt Credential Theft
A threat actor fabricates a QuickBooks notification and sends a target a phishing link, purportedly to a password-protected overdue invoice.
Attacker Impersonates Lawyer and Attempts Payment Fraud Using Compromised Email Account
After compromising a lawyer’s Gmail account, an attacker builds rapport with the target by asking for help with paying a client before pivoting to a request for a larger transfer.
Threat Actor Compromises Account of Construction Project Manager and Uses Content-Sharing Platform to Send Fake RFP
An attacker attempts to trick a target into revealing sensitive information by using a compromised email account and a legitimate content-sharing platform.
Attacker Impersonates Company Admin in Clever Credential Phishing Attempt
A threat actor uses a fake message delivery failure notification and fabricated authentication processes to try to convince a target to reveal sensitive information.
Credential Phisher Uses Legitimate Email Marketing Platform to Send Fake Voicemail Alert
After compromising a Constant Contact account, the attacker impersonates a law firm and sends a fake voicemail notification to attempt credential theft.
Threat Actor Poses as Microsoft and Leverages Open Redirect in Clever Credential Phishing Attack
After registering a legitimate Microsoft-based email account, an attacker sends a fake Microsoft voicemail notification to deceive a target into entering sensitive information.
Attacker Uses Compromised Email to Send Fake Microsoft OneDrive Notification in Credential Phishing Attack
A threat actor exploits the reputation of an established domain to send an email with an embedded image of a fabricated file-sharing notification linked to a phishing page.
Microsoft Impersonator Uses Malicious QR Code in Credential Phishing Attack
An attacker emails a fake password expiration notification with a malicious QR code linked to a phishing site.
PayPal Impersonator Uses Bogus Claim of Pending Refund in Fake Billing Scam
An attacker creates an email designed to imitate communications from PayPal and attempts to coerce a target into sending money as part of a refund scheme.
Malware Attack Features Impersonation of Attorney and Malicious Attachment Disguised as Subpoena
An attacker impersonates a real lawyer and sends a malware-infected HTML attachment which the threat actor claims is a subpoena needing review.
PayPal Impersonator Uses Spoofed Email Hosted on Legitimate Domain to Attempt Credential Theft
An attacker mimics PayPal branding and uses an Outlook address with a spoofed sender name to compel a target to click a malicious link.
Vendor Impersonation Attack Utilizes Salesforce Link in Attempt to Steal Sensitive Information
After compromising a vendor’s domain, an attacker attempts to compel a target to click a phishing link disguised as a shared document.
Attacker Compromises Personal Webmail Account to Establish Trust Before Attempting a Scam
By disguising themselves behind a compromised personal webmail account, a threat actor hopes to first build a rapport with a target before executing the next stage of the attack.
Microsoft Impersonator Spoofs Voicemail Service and Uses QR Code in Attempted Credential Theft
By crafting an email that resembles a voicemail notification from Microsoft, an attacker hopes the target will scan a malicious QR code that leads to a credential phishing website.
Attacker Utilizes Calendar Attachment and Fake Cryptocurrency Payment to Spread Malware
An attacker sends a fake confirmation of Bitcoin payment to trick the recipient into downloading a malicious ICS file.
Threat Actor Impersonates Executive and Uses Fabricated Email Thread to Attempt Payment Fraud
An attacker creates a fake conversation between a vendor and an executive to make it appear that the executive is authorizing an ACH payment for an outstanding invoice.
Attacker Poses as Company Executive and Attempts to Establish Trust to Exploit for Future Financial Crimes
By discussing sensitive topics and establishing a rapport, an attacker hopes to convince a target to comply with fraudulent requests in the future.
Adobe Acrobat Sign Impersonator Sends Fake Document Notification Linked to Branded Office 365 Phishing Page
An attacker attempts to steal sensitive information using a fraudulent electronic signature request for a nonexistent NDA.
Attacker Uses Spoofed Domain to Send Fake Voicemail Notification Linked to Phishing Page
An attacker mimics a voice messaging service to lure a target to enter login credentials on a counterfeit landing page.
QuickBooks Impersonator Uses Look-Alike Domain in Cleverly Designed Credential Vishing Attempt
After maliciously registering a similar domain, an attacker tries to steal sensitive information by sending a fraudulent account cancellation notice with a fake customer service phone number.