After compromising an email address, an attacker sends a fake document notification to fellow employees linked to a fake Microsoft login page hosted by Webflow designed to steal credentials.
After compromising a vendor’s email address, an attacker crafts a fake document notification linked to a fake Microsoft login page hosted by Webflow designed to steal credentials.
After compromising a legitimate email account, an attacker uses Canva to host a malicious redirect link before impersonating Microsoft to gain access to a target’s environment and install Malware.
Using the compromised account of a real attorney, an attacker emails the target regarding outstanding invoices with a link to a fake SharePoint landing page.
After spoofing one of Microsoft’s real no-reply emails, an attacker sends an identical imitation of a OneDrive notification regarding recently deleted files, urging the target to take action.
An attacker impersonates payment solutions provider Wirex using a convincing account verification email and branded phishing page to steal login credentials.
After spoofing a PayPal customer service email, an attacker sends a fraudulent notification regarding a bogus McAfee charge to compel the target to call a fake support center and cancel the transaction.
By mimicking Coinbase’s branding in both the email and landing page, an attacker attempts to create a sense of urgency around suspicious account activity and prompt immediate action from the target.
Leveraging a compromised external vendor account, an attacker sends a fake Docusign notification linked to a Google Sites page containing a phishing link to steal sensitive information.
After compromising a lawyer’s Gmail account, an attacker builds rapport with the target by asking for help with paying a client before pivoting to a request for a larger transfer.
An attacker attempts to trick a target into revealing sensitive information by using a compromised email account and a legitimate content-sharing platform.
A threat actor uses a fake message delivery failure notification and fabricated authentication processes to try to convince a target to reveal sensitive information.
After compromising a Constant Contact account, the attacker impersonates a law firm and sends a fake voicemail notification to attempt credential theft.
After registering a legitimate Microsoft-based email account, an attacker sends a fake Microsoft voicemail notification to deceive a target into entering sensitive information.
A threat actor exploits the reputation of an established domain to send an email with an embedded image of a fabricated file-sharing notification linked to a phishing page.