What is emailsecurity.org?
Emailsecurity.org was created as a resource for the cybersecurity community to provide a centralized, marketing-free location for information about email-based phishing attacks. The site is maintained by Abnormal Security, but contains attack samples and intelligence reports from various sources in the private sector, public sector, law enforcement, and academia.
Attack Vault
Executive Impersonation Employee Incentive Gift Card Request BEC Attack
This text-based BEC attack impersonates an executive using a spoofed display name, a free webmail account, and an employee incentive theme to request the purchase of gift cards.
Vendor Impersonation Overdue Payment BEC Attack
This text-based BEC attack impersonates a vendor/supplier using a hijacked email thread, a look-alike domain, a matching malicious domain username, and an overdue payment theme to request a fraudulent payment.
Dutch Executive Impersonation Payment Fraud BEC Attack
This text-based Dutch-language BEC attack impersonates an executive using a personalized email subject, a spoofed display name, and a free webmail account to request a fraudulent payment.
Executive Impersonation Payroll Diversion BEC Attack
This text-based BEC attack impersonates an executive using a matching free webmail username and a spoofed display name to divert payroll deposits to a fraudulent account.
Executive Impersonation Aging Report Theft BEC Attack
This text-based BEC attack impersonates an executive using a spoofed display name and a free webmail account to request a copy of an aging report.