Attack Library
QR Code in Fake Benefits Handbook Links to Phishing Site
A phishing email impersonates HR and shares a fake employee benefits handbook. The attached file contains a QR code that links to a credential harvesting site.
Phishing Email Uses Dropbox Bait and AWS App Runner to Host Webmail Login Scam
An attacker impersonates a project manager to deliver a Dropbox file link that leads to a fake webmail login page hosted on AWS App Runner.
Fake Box Document Preview Redirects to Microsoft Login Phish
A phishing email disguised as an RFP links to a spoofed Box document preview, ultimately redirecting users to a fake Microsoft login page for credential theft.
Fake GitHub Alerts Trick Developers Into Granting OAuth Access
Attackers exploit GitHub Issues to send fake security alerts and abuse OAuth apps to hijack developer accounts without stealing passwords.
Gamma-Hosted File-Sharing Phishing Attack Uses Cloudflare Turnstile to Evade Detection
A malicious email links to a Gamma-hosted presentation that redirects to a Cloudflare Turnstile-protected phishing page impersonating Microsoft to steal credentials.
Threat Actors Leverage PandaDoc and Dropbox to Deliver Decoy File and Phish for Microsoft Credentials
Attackers use PandaDoc and Dropbox links to disguise credential phishing behind a decoy document and bypass secure email gateways.
Phishers Spoof Netflix and Send Fake Account Closure Notice to Steal Sensitive Information
Attackers impersonate Netflix and manufacture a sense of urgency to trick employees into clicking a malicious link.
Attackers Leverage Fake Zoom Invites to Deliver Remote Access Tool During Tax Season
A phishing email disguised as a Zoom invite tricks targets into downloading ScreenConnect, giving attackers remote access to the target's computer.
Job Application Lures Use Dropbox-Hosted Resume to Deliver Remote Access Trojan
A fake CV hosted on Dropbox delivers a multi-stage VBS loader, ultimately dropping Remcos RAT after geofencing and sandbox checks.
Fake Amazon Web Services Billing Notification Used in Credential Theft Attempt
Attackers impersonate Amazon Web Services and deceive targets into visiting a phishing site under the guise of viewing a billing statement.
QR Code Phishing Attack Uses Embedded MHT Files in Payroll-Themed Documents
A salary-themed phishing email delivers a DOCX file with an embedded MHT and hidden QR code that leads to a phishing site.
Cybercriminals Send Fake PayPal Security Alert from Spoofed Address to Steal Account Details
By impersonating PayPal and claiming an account update is required, attackers hope to deceive targets into visiting a phishing page and providing login credentials.
Attackers Mimic ADFS Login Pages to Steal Credentials and Bypass MFA for Account Takeover
A phishing email spoofing IT notifications leads users to a fake ADFS login page, capturing credentials and MFA tokens to enable account takeover.
Citibank Impersonators Send Fake Account Update Alert from Spoofed Address in Credential Phishing Attempt
Attackers mimic Citibank security alerts to trick users into visiting a fake login page and divulging sensitive information.
Attackers Impersonate Coinbase and Send Fake Binance Payment Notification in Cryptocurrency Scam
Claiming the recipient has passively earned thousands of dollars in Bitcoin, threat actors attempt to deceive them into visiting a malicious credential-harvesting site.
Adaptive Phishing Attack Uses Whimsical and Lucid to Deliver Microsoft 365 Credential Phish
A phishing campaign uses a trusted vendor account and design platforms Whimsical and Lucid to deliver a fake Microsoft 365 login and steal user credentials.
Phishers Send Fake Adobe Acrobat Notification to Attempt Credential Theft
Attackers impersonate Adobe and use urgency around a time-sensitive document to trick employees into visiting a malicious site.
Fake FedEx Address Verification Email Uses QR Code to Steal Personal Data in Likely AI-Generated Attack
Phishers attempt to steal personal information by impersonating FedEx and sending targets a PDF containing a QR code linked to a malicious site.
Phishers Send Fake Microsoft 365 Account Verification Request in Likely AI-Generated Attack
Threat actors send fraudulent notification regarding Microsoft 365 updates to deceive targets into revealing account credentials.
Fake SendGrid Payment Failure Notification Used in Credential Theft Attempt
Attackers used a spoofed email address and convincing impersonated branding to deceive targets into exposing sensitive login details.