Likely

Not Likely

.ONE File

Aging Report Theft

Credential Theft

Extortion

Gift Card Request

Malware Delivery

Payment Fraud

Payroll Diversion

W-2 Theft

ACE Cash Express

Adobe

Amazon

Amazon Web Services

American Express

American Financial Group

Apple

Australia and New Zealand Banking Group

Australia Post

Australian Taxation Office

Bank of America

Bendigo and Adelaide Bank

Bittrex

BlockFi

Booking.com

Canada Post

Capital One

Chase

Coinbase

Craigslist

Dashlane

Disney

DocuSign

Dropbox

Etsy

EUROCONTROL

Europol

Eventbrite

Facebook

FedEx

FTX Trading Ltd.

Google

Instagram

Kraken

LinkedIn

Matrix Debt Relief

McAfee

Medicare Australia

MetaMask

MetLife

Microsoft

Microsoft Teams

monday.com

myGov

Netflix

New Jersey Department of Health

New York State Tax Department

Newrez

Norton

Office365

OneDrive

OpenSea

Outlook

PayPal

Peacock

QuickBooks

RingCentral

Robinhood

Salesforce

Santander Bank

SendGrid

ShareFile

SharePoint

Shopify

SiriusXM

Social Security Administration

Spotify

Square

Squarespace

Stripe

TD Bank

TeamViewer

Trust Wallet

TSB Bank

University

USDA

USPS

Venmo

Virgin Media

Walmart

Wells Fargo

Wirex

Zelle

Zoom

Zoom Docs

ZoomInfo

Brand

Employee - Executive

Employee - Other

External Party - Other

External Party - Vendor/Supplier

Government Agency

Internal System

Danish

Dutch

French

German

Hungarian

Italian

Lithuanian

Norwegian

Spanish

Swedish

BCC Recipient List

Blank Email Body

Branded Phishing Page

Captcha-Protected Phishing Page

Cell Phone Number Request

Compromised Sending Domain

Content Obfuscation via Image

Extended Spoofed Display Name

External Compromised Account

Fake Attachment

Fake Email Chain

Fake Website

Foreign Character Substitution

Free Webmail Account

Hidden Sender Address

Hijacked Email Thread

Legitimate Hosting Infrastructure

Look-alike Domain

Maliciously Registered Domain

Masked Phishing Link

Matching Free Webmail Username

Matching Malicious Domain Username

MFA Bypass

Mismatched Reply-To Address

Modified Document

Obfuscated Email Content

Obfuscated File Source Code

Personalized Email Subject

Self-Addressed Spoofed Email

Spoofed Display Name

Spoofed Email Address

Account Update

Account Verification

Audit

Bid Proposal

COVID-19

Cryptocurrency

Debt Collection

Direct Deposit Payment

Employee Benefits

Employee Incentive

Fake Document

Fake Invitation

Fake Invoice

Fake Payment

Fake Payment Receipt

Fake Shipping Notification

Fake Voicemail

Financial Services

Health Concern

Holiday Gift

Human Resources Announcement

Legal Matter

Mergers & Acquisitions

New Vendor

Overdue Payment

Password Expiration

Payment Inquiry

Real Estate Transaction

Secure Message

Security Update

Suspended Account

Suspicious Account Activity

Tax Return

Business Email Compromise

Credential Phishing

Credential Vishing

Fake Billing Scam

Financial Services Scam

Malware

Vendor Email Compromise

Link-based

Payload-based

Text-based

An attacker uses Docusign to share a document containing a malicious link hidden behind a Cloudflare Turnstile.

Threat Actors Exploit Docusign to Share Link to Spoofed Microsoft Login and Steal Credentials

A threat actor exploits Zoom Docs to deliver a file with a malicious link that utilizes a Cloudflare Turnstile before redirecting to a phishing page.

Attackers Weaponize Zoom Docs to Phish Targets Using Fake Microsoft Portal

Threat actor sends fraudulent notification of online fax containing purchase order for review to compel target to view PDF containing phishing link.

Phishing Attack Uses Compromised Account to Send Text-Free Email with Link to PDF Hosted on SharePoint

Schedule a Demo - AI

Abnormal Blog

<p>Subscribe to our monthly newsletter to receive the latest insights from our team directly in your inbox.</p>

Abnormal Intelligence Email Subscribe

Top Bar

<p>New BEC Insights from Chris Krebs, Former Director of CISA</p>

Homepage

Breadcrumbs

{"title":{"title":"Attack Library | Abnormal"}}

Search the repository of unique attacks observed by the Abnormal Intelligence team.

Attack Library

Attack Library

Threat Actors Exploit Docusign to Share Link to Spoofed Microsoft Login and Steal Credentials

Attackers Weaponize Zoom Docs to Phish Targets Using Fake Microsoft Portal

Phishing Attack Uses Compromised Account to Send Text-Free Email with Link to PDF Hosted on SharePoint

Filters

Attack Type

Impersonated Party

Impersonated Brand

Attack Goal

Attack Vector

Attack Tactic

Attack Theme

Attack Language

AI-Generated

See How Abnormal Stops Emerging Attacks