Attack Vault
The Attack Vault contains samples of email-based cyber attacks targeting enterprise users, including business email compromise (BEC) attacks, financial supply chain fraud, credential phishing, malware attacks, and other types of scams. The email subject and body content of these samples can be searched and the repository can be filtered based on specific characteristics using the options below.
This collection of attack samples is not meant to be a comprehensive repository of all email-based threats. Rather, the Attack Vault contains a cross-section of various types of cyber threats--each containing a unique combination of tactics, themes, and/or content--to provide a general overview of some of the more notable attacks observed in today's email threat landscape.
[Compromised Sender Domain] sent you a document to review and sign.
REVIEW DOCUMENT
Thank you,
[Compromised Sender Signature]
External Third Party Fake Document Credential Phishing Attack
This link-based attack impersonates an external third party using an external compromised account and a fake document theme to steal credentials.
Good day,
This is a follow up on all of our invoices past due, can you let us know if any will be processed this week, Please also note that we have updated our remittance information and want payment sent to us via ACH direct deposit to our updated bank account.
Thank you.
[Impersonated Vendor Employee Name]
[Impersonated Vendor Company Name]
Accounts Receivable
[Impersonated Vendor Contact Details]
Vendor Impersonation Account Update BEC Attack
This text-based BEC attack impersonates a vendor/supplier using a spoofed display name, a look-alike domain, and an account update theme to request a fraudulent payment.
Hello [Recipient First Name]
Hope you don't have so much on your plate? Well in case you do, kindly
peg it. I want you to perform a confidential task for me urgently, let
me know if you are available and also reply back with your personal
phone number or your valid WhatsApp number so that i can brief you.
Best Regards,
[Executive Name]
Sent from my iPhone.
Executive Impersonation Employee Incentive Gift Card Request BEC Attack
This text-based BEC attack impersonates an executive using a spoofed display name, a free webmail account, a cell phone number request, a WhatsApp number request, and an employee incentive theme to request the purchase of gift cards.
Hi,
A new online SharePoint proposal document has been sent to your desk, kindly see pdf using the secured URL below.
VIEW DOCUMENT.PDF
This is a sensitive and secured file. Please use your sign in details to access document
If you have any question, please don’t hesitate to email me.
Thanks for understanding,
[Recipient Signature]
SharePoint Fake Document Credential Phishing Attack
This link-based attack impersonates SharePoint using a self-addressed spoofed email address and a fake document theme to steal credentials.
You've received a new SharePoint Project Document:
Project [Recipient Company Name] Building Project
Title [Recipient Company Name] Building Project Documents
Bid No. 1232-05102022
From [Recipient Name] ([Recipient Email Address])
Subject Bid Documents, Drawing, Scope of Work and Purchase Order
VIEW SHAREPOINT PROJECT DOCUMENTS
Do not hesitate to send me an email if you have any question.
Please find attached project documents to bid for the above referenced project. Review the documents, send back requested information, and provide bid proposal or quotes based on the scope of work outlined in the bid documents.
Thanks,
Thank you
SharePoint Fake Document Credential Phishing Attack
This link-based attack impersonates SharePoint using a self-addressed spoofed email address, a personalized subject, and a fake document theme to steal credentials.
Hola nómina,
Me gustaría cambiar la cuenta de mi Nómina a una cuenta nueva y me
gustaría saber si será efectivo para el próximo pago?
Gracias.
[Employee Name]
[Employee Title]
Spanish Employee Impersonation Payroll Diversion BEC Attack
This text-based Spanish-language BEC attack impersonates an employee using a spoofed display name and a free webmail account to divert payroll deposits to a fraudulent account.
[Recipient First Name],
Would you please transfer $98,000 to the wire instruction below and also send me a copy of the payment confirmation.
Memo: [Fake Vendor Name]
Wire funds to Bank Of America
Bank address 8001 Villa Park Drive. Henrico, VA 23228
Routing number [Routing Number]
Account number [Account Number]
Beneficiary name [Fake Vendor Name]
Beneficiary address [Fake Vendor Address]
Thank you,
[Executive Name].
Executive Impersonation Payment Fraud BEC Attack
This text-based BEC attack impersonates an executive using a spoofed display name and a maliciously registered domain to request a fraudulent payment.
Hi [Recipient First Name],
I would like to modify my account on file for Direct Deposit and would want the change to take effect for my current paycheck what are the requirements .
Thanks
[Executive First Name]
Sent from iPhone
Executive Impersonation Payroll Diversion BEC Attack
This text-based BEC attack impersonates an executive using a spoofed display name and a maliciously registered domain to divert payroll deposits to a fraudulent account.
[Recipient Email Domain] Cash Flow Statements has been shared with you
Hi [Recipient Email Address], Please see the attached Cash Flow Statements
icon [Recipient Email Domain] Cash Flow Statements.pdf
permission globe icon This link will work for [Recipient Email Address].
Open
OneDrive Fake Document Credential Phishing Attack
This link-based attack impersonates OneDrive using a spoofed email address and a fake document theme to steal credentials.
Hello,
Are you available to handle an urgent payment transfer of $253,500 aso soon as possible ?
Thanks,
[Executive Name]
[Executive Title]
[Company Name]
Executive Impersonation Payment Fraud BEC Attack
This text-based BEC attack impersonates an executive using a spoofed display name and a free webmail account to request a copy of an aging report.
