See the most unique and interesting attacks uncovered by Abnormal, with full insight into how cloud email security solutions can stop them.
Adobe Acrobat Secure Fax Link Leads to Dropbox-Hosted Phishing Website

An attacker email containing an image of an Adobe Acrobat fax link leads to a phishing website hosted on Dropbox infrastructure.

Employee Benefits Eligibility Lure Used to Phish for Email Credentials

Attackers impersonate the HR department to deliver an updated Employee Benefits Eligibility Policy as part of a credential phishing attack.

Accounts Payable Impersonated in Malware Delivery Attack

Attackers impersonate Accounts Payable to deliver a payroll remittance attachment that contains malware.

Executive Impersonation Used to Elicit Secrecy in Employee Surprise

Attackers impersonate an executive and rely on human willingness to help in order to request a surprise appreciation gift for the team.

Executive Impersonated in LinkedIn Overdue Payment Request

Attackers impersonate an executive to bolster the validity of a fraudulent invoice in this double-phased attack that requests payment for an overdue invoice.

Dutch Executive Impersonated in Invoice Fraud Attempt

The attacker impersonates a Dutch executive and requests that payment be made now to a company in England.

Executive Impersonated in Payroll Diversion Scheme

Cybercriminals impersonate an executive and target the payroll administrator in an ask to update direct deposit information to a bank account owned by the attacker.

Hijacked Thread Used in Password Protected Malware Attack

This attack uses an ongoing email thread from a compromised vendor and password protected file to evade security solutions and deliver malware.

Executive Impersonation Used to Steal Aging Reports

Attackers impersonate a VIP within the organization to request an aging report of all outstanding vendor names and invoices.

DHL Fake Shipping Notification Used in HTML Credential Phishing Attack

Attackers impersonate DHL and ask the recipient to check their shipping documents, hidden behind a fake Microsoft 365 credential phishing page.

Call Center Phone Fraud Uses Fake Norton Invoice to Encourage Malware Installation

Increasingly popular, this phone fraud scam tricks recipients into believing that a payment has been made and encourages them to call a number to fix the problem.

Paid Invoice Notification Used for Credential Phishing Attack

Attackers use an external compromised vendor account and a receipt confirmation to trick recipients into providing their Microsoft 365 credentials.

Vendor Impersonation Used to Siphon Invoice Payments

Attackers impersonate a vendor by using a lookalike domain, stating that their banking details have changed and all new invoices should be directed to the new account.

Payroll Impersonation Designed to Elicit Quick User Response in Credential Phishing Attack

Attackers impersonate an encrypted Microsoft email focused on paystub registration to steal Microsoft 365 credentials.

Fake Encrypted Secure Message Spoofed in Credential Phishing Attack

Attackers send what appears to be an encrypted message, similar to what you might receive from your bank, to trick recipients into providing Microsoft 365 login information.

DocuSign Brand Impersonation Leads to Credential Phishing Attacks

Attackers use well-known document management service DocuSign to trick users into providing Outlook login credentials.

Executive Impersonated in Hijacking of Mergers & Acquisitions Transaction

Attackers impersonate the CEO using a spoofed email address to ask the recipient if they have been contacted by an attorney to facilitate an acquisition as the first stage of an attack designed to intercept a transaction.

Generic Email Support Team Impersonated in Password Change Malware Attack

Attackers impersonate a generic support team as part of a multi-stage malware attack, first informing the recipient that their password needs reset and asking them to call for support.

Office 365 Image Evades Text Analysis in Credential Phishing Attack

Attackers rendered an Office 365 email as a single image file with an accompanying credential phishing link wrapping the image.

Extortion Attack on Employees Used in Ploy for Bitcoin Payments

Attackers use a text-based email stating that they have access to the recipient’s personal information, including photos and browser history, stating that it will be deleted in exchange for a bitcoin payment.


Attack Vector

Attack Goal

Attack Tactic

Impersonated Party

Attack Type