Attack Vault
The Attack Vault contains samples of email-based cyber attacks targeting enterprise users, including business email compromise (BEC) attacks, financial supply chain fraud, credential phishing, malware attacks, and other types of scams. The email subject and body content of these samples can be searched and the repository can be filtered based on specific characteristics using the options below.
This collection of attack samples is not meant to be a comprehensive repository of all email-based threats. Rather, the Attack Vault contains a cross-section of various types of cyber threats--each containing a unique combination of tactics, themes, and/or content--to provide a general overview of some of the more notable attacks observed in today's email threat landscape.
--
Hola [Recipient First Name]
¿Tienes unos minutos libres? Estoy en medio de una conferencia
telefónica y hay algo de lo que necesito que te ocupes ahora mismo.
Proporcione su número de Whatsapp en su respuesta.
Spanish Executive Impersonation Gift Card Request BEC Attack
This text-based Spanish-language BEC attack impersonates an executive using a WhatsApp number request, a spoofed display name, and a free webmail account to request the purchase of gift cards.
Hello Dealer/Distributor,
I am one of the auditors for [Impersonated Vendor Company Name]. We are currently in the middle of the financial statement audit for the year ended 2021/2022 and would like to inquire regarding any outstanding payment/due invoice with the Company, and if you do, how much is the due/outstanding payment and when is the payment due date?
Also if you have not paid yet, kindly hold off with the payment for our further instructions.
Awaiting your email response.
Best Regards,
[Impersonated Vendor Employee Name]
Accounts Receivables
[Impersonated Vendor Company Name]
[Impersonated Vendor Company Address]
Vendor Impersonation Overdue Payment BEC Attack
This text-based BEC attack impersonates a vendor/supplier using a look-alike domain and an overdue payment theme to request a fraudulent payment.
Good Morning
Can we process an ACH or domestic wire transfer for a new vendor today?
The payment is Overdue, so make it a high priority.
Regards
[Executive Name]
[Executive Title] & Director at [Company Name]
Get Outlook for iOS
Executive Impersonation New Vendor Overdue Payment Payment Fraud BEC Attack
This text-based BEC attack impersonates an executive using a spoofed display name, a free webmail account, a new vendor theme, and an overdue payment theme to request a fraudulent payment.
Hello,
I hope you’re well. Invoice number 832 was due on 14th of April and is now over 30 days overdue. Please pay the total balance of this invoice at your earliest convenience.
In line with our payment policies, you will be charged a daily fee until this invoice is paid.
Please let me know if there is any reason why payment of this invoice cannot be made within seven working days.
Regards
[Vendor Employee Name]
Finance Officer
Vendor Impersonation Overdue Payment BEC Attack
This text-based BEC attack impersonates a vendor/supplier using a look-alike domain and an overdue payment theme to request a fraudulent payment.
I can access the employee portal but I keep getting an error message every time I try to modify my direct deposit information. Can I just forward you a voided check or my new account details for you to update before the next pay circle.
[Impersonated Employee Name]
[Impersonated Employee Title]
[Target Company Name]
Employee Impersonation Payroll Diversion BEC Attack
This text-based BEC attack impersonates an employee using a spoofed display name and a maliciously registered domain to divert payroll deposits to a fraudulent account.
Hi,
Do we have an anticipated payment date for our invoices?.
[Vendor Employee Name]
[Vendor Employee Title]
[Vendor Company Name]
[Vendor Contact Information]
------------
Good morning [Recipient First Name],
Thank you for your email.
Could you please confirm invoice number and amount?. We are in the process of changing banks and would stop accepting check payments as well, we are applying payments manually.
Thank you,
[Vendor Employee Name]
[Vendor Employee Title]
[Vendor Company Name]
[Vendor Contact Information]
Vendor Impersonation Payment Inquiry Account Update BEC Attack
This text-based BEC attack impersonates a vendor/supplier using a look-alike domain, a spoofed display name, a payment inquiry theme, and an account update theme to request a fraudulent payment.
Hello,
Please see attached for [Compromised Third Party Company Name] Inv 41063.
Thank you.
[Compromised Third Party Employee Signature]
Fake Invoice Credential Phishing Attack
This link-based attack impersonates a vendor/supplier using a fake attachment, an external compromised account, and a fake invoice theme to steal credentials.
Hi [Recipient First Name],
Are you available at the moment?
Sent from my mobile device
-----------
Okay [Recipient First Name], I want you to take care of this for me personally, I have just been informed that we have had an offer accepted by a new international vendor, to complete an acquisition that I have been negotiating privately for some time now, in line with the terms agreed, we will need to make a down payment of 30% of their total, which will be $39,797.20.
An announcement is currently being drafted and will be announced next week, once the deal has been executed, for now I don't want to go into any more details.
Until we are in a position to formally announce the acquisition I do not want you discussing it with anybody in the office, any question please email me.
Can you confirm if international wire transfer can go out today?
Executive Impersonation Mergers & Acquisitions Payment Fraud BEC Attack
This text-based BEC attack impersonates an executive using a personalized email subject, a spoofed display name, a free webmail account, and a mergers & acquisitions theme to request a fraudulent payment.
Hi [Recipient First Name],
I just received a follow up e-mail from Jillian a lawyer from Allen & Overy representing a firm we worked with, regarding a late bill for the amount of $42,338.46 issued last year for a services rendered on our behalf and I have asked her to contact you.
I understand that the invoice was sent before but didn't get into the system for payment. Attached is a copy of the outstanding invoice. Can we get this paid today?
Many Thanks,
[Executive Name]
From: Jillian Ashley <jillian.ashley@allenoverys.com>
Posted: Monday, May 16, 2022 9:08 AM
To: [Executive Name] <[Executive Email Address]>
Subject: Unpaid Invoice
Hi [Executive First Name],
I have sent the invoice again to you as reminder. I wish to inform you that this invoice is already due and if this is not paid this week, we will have to open a case against your firm.
Kind Regards.
Jillian Ashley
Senior Associate
Address: 1221 Avenue of the Americas
New York, NY 10020
Allen & Overy LLP
Executive Impersonation Overdue Payment Legal Matter Payment Fraud BEC Attack
This text-based BEC attack impersonates an executive using a fake email chain, a spoofed email address, a matching malicious domain username, a maliciously registered domain, a legal matter theme, and an overdue payment theme to request a fraudulent payment.
Good Morning [Recipient First Name]
Please kindly re-update my direct deposit account for upcoming payroll
I have an issue with my bank account, I will try and have it sorted
out later. Please have it updated ASAP.
Please make sure the payroll system process my direct deposit into my
new account and the new account be added today.
Can I email the new routing and account number details for the update
to be made today ?
Thank you.
[Impersonated Employee Name]
[Impersonated Employee Title]
Employee Impersonation Payroll Diversion BEC Attack
This text-based BEC attack impersonates an employee using a spoofed display name and a free webmail account to divert payroll deposits to a fraudulent account.
