Attack Library
Gamma-Hosted File-Sharing Phishing Attack Uses Cloudflare Turnstile to Evade Detection
A malicious email links to a Gamma-hosted presentation that redirects to a Cloudflare Turnstile-protected phishing page impersonating Microsoft to steal credentials.
Threat Actors Leverage PandaDoc and Dropbox to Deliver Decoy File and Phish for Microsoft Credentials
Attackers use PandaDoc and Dropbox links to disguise credential phishing behind a decoy document and bypass secure email gateways.
Attackers Leverage Fake Zoom Invites to Deliver Remote Access Tool During Tax Season
A phishing email disguised as a Zoom invite tricks targets into downloading ScreenConnect, giving attackers remote access to the target's computer.
Job Application Lures Use Dropbox-Hosted Resume to Deliver Remote Access Trojan
A fake CV hosted on Dropbox delivers a multi-stage VBS loader, ultimately dropping Remcos RAT after geofencing and sandbox checks.
QR Code Phishing Attack Uses Embedded MHT Files in Payroll-Themed Documents
A salary-themed phishing email delivers a DOCX file with an embedded MHT and hidden QR code that leads to a phishing site.
Attackers Mimic ADFS Login Pages to Steal Credentials and Bypass MFA for Account Takeover
A phishing email spoofing IT notifications leads users to a fake ADFS login page, capturing credentials and MFA tokens to enable account takeover.
Attackers Impersonate Coinbase and Send Fake Binance Payment Notification in Cryptocurrency Scam
Claiming the recipient has passively earned thousands of dollars in Bitcoin, threat actors attempt to deceive them into visiting a malicious credential-harvesting site.
Adaptive Phishing Attack Uses Whimsical and Lucid to Deliver Microsoft 365 Credential Phish
A phishing campaign uses a trusted vendor account and design platforms Whimsical and Lucid to deliver a fake Microsoft 365 login and steal user credentials.
Phishers Send Fake Adobe Acrobat Notification to Attempt Credential Theft
Attackers impersonate Adobe and use urgency around a time-sensitive document to trick employees into visiting a malicious site.
Fake FedEx Address Verification Email Uses QR Code to Steal Personal Data in Likely AI-Generated Attack
Phishers attempt to steal personal information by impersonating FedEx and sending targets a PDF containing a QR code linked to a malicious site.
Phishers Send Fake Microsoft 365 Account Verification Request in Likely AI-Generated Attack
Threat actors send a fraudulent notification regarding Microsoft 365 updates to deceive targets into revealing account credentials.
Fake SendGrid Payment Failure Notification Used in Credential Theft Attempt
Attackers used a spoofed email address and convincing impersonated branding to deceive targets into exposing sensitive login details.
Fraudulent Crypto-Related PayPal Notification Used in Likely AI-Generated Phishing Attack
Cybercriminals impersonate PayPal and fabricate cryptocurrency charges to manipulate recipients into revealing sensitive information.
Attackers Use Figma Files to Deliver Microsoft 365 Phishing Links and Evade Detection
A phishing campaign leverages compromised vendor accounts and Figma-hosted documents with embedded links to spoof Microsoft 365 login pages and harvest credentials.
Threat Actors Use Bogus Microsoft Teams Alert to Steal Credentials in Likely AI-Generated Attack
Cybercriminals leverage impersonated branding to deceive users into revealing sensitive information.
Threat Actor Exploits BlockFi Shutdown to Steal User Credentials in Likely AI-Generated Phishing Attack
Cybercriminals impersonate BlockFi, preying on former customers with bogus notifications regarding potential fund withdrawals.
Attackers Exploit Google Calendar Invites to Deliver Phishing Links via Google Drawings
A scam uses Google Calendar invite notifications and embedded Google Drawings to redirect targets to a fraudulent Bitcoin-themed phishing site.
Spoofed American Express Security Alert Exploits Urgency to Steal Credentials
Phishers send a bogus fraudulent-activity notification to trick recipients into revealing sensitive information.
Fake Stripe Chargeback Alert Exploits PandaDoc to Steal Business Credentials
Attackers impersonate Stripe and exploit trusted document-sharing services to deceive business owners into revealing sensitive information.
Business Email Compromise Attack Uses Punycode Domains and Executive Impersonation to Evade Detection
A BEC attack leverages executive impersonation and subtle domain spoofing with Punycode to request sensitive financial data while bypassing traditional email security.