Attack Library
Attacker Impersonates Australia Post Using Spoofed Address and Sends Bogus Delivery Alert to Attempt Credential Theft
Utilizing a spoofed sender address that closely resembles a legitimate email address, a threat actor hopes to trick targets into divulging private information.
DHL Impersonator Uses Spoofed Email and Microsoft CAPTCHA to Trick Targets in Phishing Attack
Threat actors hope to deceive recipients into revealing sensitive information by leveraging mimicked branding and spoofed versions of familiar security mechanisms.
Cybercriminals Send Bogus Microsoft Email System Update Alert in Likely AI-Generated Phishing Attack
Threat actors impersonate Microsoft and use a fake notification regarding a critical error to deceive targets into revealing sensitive information.
Phishers Pose as Amazon and Use Fraudulent Payment Alert to Steal Sensitive Information
Attackers impersonate Amazon and claim there is an issue with the target’s Prime account in hopes of deceiving them into revealing private data.
Netflix Impersonator Attempts Credential Theft in Likely AI-Generated Phishing Attack
Utilizing a look-alike domain and mimicked branding, threat actors hope to deceive targets into revealing sensitive information.
HTML Attachment Renders Local Phishing Page and Exfiltrates Credentials via Telegram
This phishing attack uses an HTML attachment to render a local sign-in page, steals credentials, and exfiltrates them via Telegram API.
Attacker Impersonates Instagram and Uses Fake Verified Badge Notification to Steal Credentials
Cybercriminals mimic Instagram and Meta branding in a malicious email and spoofed login portal in this phishing attack.
Threat Actors Exploit Docusign to Share Link to Spoofed Microsoft Login and Steal Credentials
An attacker uses Docusign to share a document containing a malicious link hidden behind a Cloudflare Turnstile.
Attackers Weaponize Zoom Docs to Phish Targets Using Fake Microsoft Portal
A threat actor exploits Zoom Docs to deliver a file with a malicious link that utilizes a Cloudflare Turnstile before redirecting to a phishing page.
Attackers Pose as Social Security Administration and Use Fake Benefits Update to Deploy Malware
Cybercriminals exploit trust in government communications to trick recipients into downloading a malicious file.
Fake Quickbooks Suspension Email Aims to Steal Account Information in Likely AI-Generated Phishing Attack
Using a spoofed email, threat actors impersonate Quickbooks and attempt to manipulate targets into revealing sensitive information.
Virgin Media Impersonator Sends Fake Security Update to Steal Login Credentials
Threat actors exploit an iCloud address to attempt credential theft via a malicious login portal featuring mimicked branding.
Phishing Attack Impersonates MetaMask with Fake KYC Verification Request
Cybercriminals exploit urgency and KYC compliance to trick recipients into revealing sensitive cryptocurrency wallet information.
Threat Actor Poses as Newrez and Uses Spoofed Email to Send Fake Loan Payoff Request in Phishing Attack
Cybercriminals impersonate a mortgage lender and use a fake notification of a new message to trick recipients into disclosing sensitive information.
Phishing Attack Mimics Capital One Password Reset Notification to Steal Login Credentials
Cybercriminals exploit the fear of an unauthorized password reset to deceive recipients into revealing sensitive information.
TD Bank Impersonator Uses Fake Contact Information Verification Request in Phishing Attack
Cybercriminals use a spoofed email and impersonated branding to pose as TD Bank and attempt to trick recipients into revealing sensitive information.
Phishing Attack Uses Compromised Account to Send Text-Free Email with Link to PDF Hosted on SharePoint
Threat actor sends fraudulent notification of online fax containing purchase order for review to compel target to view PDF containing phishing link.
Cybercriminals Impersonate Santander Bank with Fake Identity Verification in Credential Theft Attempt
A threat actor sends a fraudulent unauthorized transaction alert to trick targets into providing sensitive information.
Phishing Attack Disguised as Timesheet Update from HR Attempts to Steal Personal Data
Threat actors impersonate the target’s internal HR department to deceive recipients into revealing confidential information.
Threat Actors Use Fake Bank of America Security Alert to Attempt Credential Theft
Cybercriminals use bogus security notifications to exploit fear of account issues and harvest sensitive information.