Attack Vault
The Attack Vault contains samples of email-based cyber attacks targeting enterprise users, including business email compromise (BEC) attacks, financial supply chain fraud, credential phishing, malware attacks, and other types of scams. The email subject and body content of these samples can be searched and the repository can be filtered based on specific characteristics using the options below.
This collection of attack samples is not meant to be a comprehensive repository of all email-based threats. Rather, the Attack Vault contains a cross-section of various types of cyber threats--each containing a unique combination of tactics, themes, and/or content--to provide a general overview of some of the more notable attacks observed in today's email threat landscape.
Hola nómina,
Me gustaría cambiar la cuenta de mi Nómina a una cuenta nueva y me
gustaría saber si será efectivo para el próximo pago?
Gracias.
[Employee Name]
[Employee Title]
Spanish Employee Impersonation Payroll Diversion BEC Attack
This text-based Spanish-language BEC attack impersonates an employee using a spoofed display name and a free webmail account to divert payroll deposits to a fraudulent account.
You've received a new SharePoint Project Document:
Project [Recipient Company Name] Building Project
Title [Recipient Company Name] Building Project Documents
Bid No. 1232-05102022
From [Recipient Name] ([Recipient Email Address])
Subject Bid Documents, Drawing, Scope of Work and Purchase Order
VIEW SHAREPOINT PROJECT DOCUMENTS
Do not hesitate to send me an email if you have any question.
Please find attached project documents to bid for the above referenced project. Review the documents, send back requested information, and provide bid proposal or quotes based on the scope of work outlined in the bid documents.
Thanks,
Thank you
SharePoint Fake Document Credential Phishing Attack
This link-based attack impersonates SharePoint using a self-addressed spoofed email address, a personalized subject, and a fake document theme to steal credentials.
Hi,
A new online SharePoint proposal document has been sent to your desk, kindly see pdf using the secured URL below.
VIEW DOCUMENT.PDF
This is a sensitive and secured file. Please use your sign in details to access document
If you have any question, please don’t hesitate to email me.
Thanks for understanding,
[Recipient Signature]
SharePoint Fake Document Credential Phishing Attack
This link-based attack impersonates SharePoint using a self-addressed spoofed email address and a fake document theme to steal credentials.
Hello [Recipient First Name]
Hope you don't have so much on your plate? Well in case you do, kindly
peg it. I want you to perform a confidential task for me urgently, let
me know if you are available and also reply back with your personal
phone number or your valid WhatsApp number so that i can brief you.
Best Regards,
[Executive Name]
Sent from my iPhone.
Executive Impersonation Employee Incentive Gift Card Request BEC Attack
This text-based BEC attack impersonates an executive using a spoofed display name, a free webmail account, a cell phone number request, a WhatsApp number request, and an employee incentive theme to request the purchase of gift cards.
Good day,
This is a follow up on all of our invoices past due, can you let us know if any will be processed this week, Please also note that we have updated our remittance information and want payment sent to us via ACH direct deposit to our updated bank account.
Thank you.
[Impersonated Vendor Employee Name]
[Impersonated Vendor Company Name]
Accounts Receivable
[Impersonated Vendor Contact Details]
Vendor Impersonation Account Update BEC Attack
This text-based BEC attack impersonates a vendor/supplier using a spoofed display name, a look-alike domain, and an account update theme to request a fraudulent payment.
[Compromised Sender Domain] sent you a document to review and sign.
REVIEW DOCUMENT
Thank you,
[Compromised Sender Signature]
External Third Party Fake Document Credential Phishing Attack
This link-based attack impersonates an external third party using an external compromised account and a fake document theme to steal credentials.
Hallo Payroll,
Ik wil de rekening op mijn Payroll wijzigen naar een nieuwe rekening
en ik zou graag willen weten of deze geldig is voor de volgende
betaling?
Bedankt
[Employee Name]
[Employee Title]
Dutch Employee Impersonation Payroll Diversion BEC Attack
This text-based Dutch-language BEC attack impersonates an employee using a spoofed display name and a free webmail account to divert payroll deposits to a fraudulent account.
Dear Partner,
We kindly ask that you re-confirm to us the status of our outstanding or
any due payments if there are any, as we currently have to give you an
updated information.
Please get back to us immediately with the total amount that is
outstanding with corresponding due dates and invoices respectively.
If you need any further information, please do not hesitate to contact
me for further assistance.
Thank you for your compliance.
Kinds Regards
[Impersonated Vendor Employee Name] ([Impersonated Vendor Employee Title])
[Impersonated Vendor Company Name]
Vendor Impersonation Payment Inquiry BEC Attack
This text-based BEC attack impersonates a vendor/supplier using a spoofed email address, a free webmail account, and a payment inquiry theme to request a fraudulent payment.
Hello,
kindly re-confirm Cell phone number,
Your Recognition is required to get a task completed real quick. I will
be expecting your feedback
thanks...
Executive Impersonation Gift Card Request BEC Attack
This text-based BEC attack impersonates an executive using a personalized email subject, a cell phone number request, a spoofed email address, and a free webmail account to request the purchase of gift cards.
Hi [Recipient First Name],
Please can we process a payment today? for a legal consultation ordered by myself.
Best Regards
[Executive Name].
Executive Impersonation Legal Matter Payment Fraud BEC Attack
This text-based BEC attack impersonates an executive using a spoofed display name, a free webmail account, and a legal matter theme to request a fraudulent payment.
