Attack Vault
The Attack Vault contains samples of email-based cyber attacks targeting enterprise users, including business email compromise (BEC) attacks, financial supply chain fraud, credential phishing, malware attacks, and other types of scams. The email subject and body content of these samples can be searched and the repository can be filtered based on specific characteristics using the options below.
This collection of attack samples is not meant to be a comprehensive repository of all email-based threats. Rather, the Attack Vault contains a cross-section of various types of cyber threats--each containing a unique combination of tactics, themes, and/or content--to provide a general overview of some of the more notable attacks observed in today's email threat landscape.
Paid 05/12/2022
$124,67.90
Print or save
Powered by QuickBooks
Dear [Recipient Username] ,
Here's your invoice! We appreciate your prompt payment.
Thanks for your business!
5642 Belleza Dr Pleasanton, CA 94588 US
Fake Invoice Link-based Malware Attack
This link-based attack impersonates a vendor/supplier using a self-addressed spoofed email and a fake invoice theme to deliver malware.
Goedemorgen ,
We moeten €14,840.70 betalen aan een bedrijf in het VK, ben je nu beschikbaar om de betaling te verwerken?
Groeten,
[Executive Name].
Dutch Executive Impersonation Payment Fraud BEC Attack
This text-based Dutch-language BEC attack impersonates an executive using a spoofed email address and a free webmail account to request a fraudulent payment.
Good Morning [Recipient First Name],
I got a call from my bank not quite long enough that my account will be placed on hold for some info needed from me to update it and I had to switch to a new financial institution. Can you please update my new direct deposit info for me? I would be glad if the changes can be effective for the current pay day. What Information Do You Need ?
Regards
[Impersonated Employee Name]
[Impersonated Employee Title]
[Company Name]
Employee Impersonation Payroll Diversion BEC Attack
This text-based BEC attack impersonates an employee using a personalized email subject, a spoofed display name, and a free webmail account to divert payroll deposits to a fraudulent account.
I need you to complete the CHAPS/Faster payment to a vendor.
How soon can you get it done?
Regards,
[Executive Name]
Executive Impersonation Payment Fraud BEC Attack
This text-based BEC attack impersonates an executive using a personalized email subject, a spoofed display name, and a free webmail account to request a fraudulent payment.
Hi ,
I am reaching out to you on behalf of [Impersonated Vendor Name] concerning an outstanding payment which is long overdue with the Invoice 474864. This invoice is past due and your prompt payment is appreciated.
Could you kindly check your records and advise accordingly?
I wait to hear from you soon
Best Regards
[Impersonated Vendor Employee Name]
[Impersonated Vendor Employee Title]
[Impersonated Vendor Name]
[Impersonated Vendor Contact Information]
Vendor Impersonation Overdue Payment BEC Attack
This text-based BEC attack impersonates a vendor/supplier using a spoofed display name, a look-alike domain, and an overdue payment theme to request a fraudulent payment.
Hi [Recipient Email Address,
This is to notify you that a payment of $701 has been made from your account. This payment was made to Coinbase Global Inc. on account of Bitcoin trading.
Find your purchase summary below.
Order ID YHYMPNDW
Transaction ID 9367528
Recipient Coinbase
Product Bitcoins
Quantity 0.010304726
Amount $701
GET SUPPORT
In case you did not authorize this payment, please contact our Support team at our helpline number provided below. If you feel your account has been breached, cancel this transaction by calling us immediately to report your issue and request a full refund.
+1(601) 724-8568
PayPal Cryptocurrency Fake Payment Receipt Fake Billing Scam
This text-based fake billing scam impersonates PayPal using a cryptocurrency theme and a fake payment receipt theme.
Good morning,
[Impersonated Third Party Name] is respectfully requesting your company submit a proposal for the attached scope of work. You will find the scope of work and bid set plan along with specific sizing documents associated with this project, please see the link below to view bid:
REVIEW BID PROPOSAL HERE
To those who perform in multiple divisions; quotes for multiple areas of work are welcomed and encouraged. However, please provide separate estimates for each division or area of work that you plan to quote.
Should you have any questions please do not hesitate to reach out to me directly.
Thank you,
Kind regards,
[Impersonated Third Party Employee Name]
[Impersonated Third Party Employee Title]
[Impersonated Third Party Name]
Bid Proposal Credential Phishing Attack
This link-based attack impersonates an external third party using an external compromised account and a bid proposal theme to steal credentials.
DHTGKGF-426429
Dear [Recipient Name]
We processed your $691.96 to Zerd-Crypto
(Bill Id@KJWE9045JKE1536)
Transaction ID
KJWE9045JKE1536
Seller
Zerd-Crypto
Doge coin
Transaction Date
May, 11 2022 (Wednesday)
Instruction to seller
#[Recipient Email Address]
Product
Quantity
Amount
# (Zerd-Crypto)
1
$691.96
Subtotal
.
$691.96
Shipping
.
Free
Total
.
$691.96
Charge will appear on your credit card statement as "PayPal Already passed through your account and may take 24hrs to reflect."
If not you, connect us earliest as possible.
Customer Care No (888 - 370 (1580))
In case of any information regarding the product and charge please reach out to our PayPal Representative.
Regards : Nathan
In case of any trouble or query
This invoice is generated by PayPal
PayPal Cryptocurrency Fake Payment Receipt Fake Billing Scam
This text-based fake billing scam impersonates PayPal using a personalized email subject, a cryptocurrency theme, and a fake payment receipt theme.
Hi [Recipient First Name],
I would like to modify my account on file for Direct Deposit and would want the change to take effect for my current paycheck what are the requirements .
Thanks
[Executive First Name]
Sent from iPhone
Executive Impersonation Payroll Diversion BEC Attack
This text-based BEC attack impersonates an executive using a spoofed display name and a maliciously registered domain to divert payroll deposits to a fraudulent account.
[Recipient First Name],
Would you please transfer $98,000 to the wire instruction below and also send me a copy of the payment confirmation.
Memo: [Fake Vendor Name]
Wire funds to Bank Of America
Bank address 8001 Villa Park Drive. Henrico, VA 23228
Routing number [Routing Number]
Account number [Account Number]
Beneficiary name [Fake Vendor Name]
Beneficiary address [Fake Vendor Address]
Thank you,
[Executive Name].
Executive Impersonation Payment Fraud BEC Attack
This text-based BEC attack impersonates an executive using a spoofed display name and a maliciously registered domain to request a fraudulent payment.
