Attack Vault
The Attack Vault contains samples of email-based cyber attacks targeting enterprise users, including business email compromise (BEC) attacks, financial supply chain fraud, credential phishing, malware attacks, and other types of scams. The email subject and body content of these samples can be searched and the repository can be filtered based on specific characteristics using the options below.
This collection of attack samples is not meant to be a comprehensive repository of all email-based threats. Rather, the Attack Vault contains a cross-section of various types of cyber threats--each containing a unique combination of tactics, themes, and/or content--to provide a general overview of some of the more notable attacks observed in today's email threat landscape.

Hello,
Can you please verify that the attached invoice has been submitted for payment. Please feel free to contact me with any questions you may have.
Thank you,
[Compromised Third Party Name]
[Compromised Third Party Email Address]
Fake Invoice Word Document Attachment Credential Phishing Attack
This payload-based attack impersonates a vendor/supplier using an external compromised account and a fake invoice theme to steal credentials.

Hi,
I have a little issue with the bank, I forgot my password and I tried logging with different passwords and my Bank blocked my online access for security purpose because they thought it was an unauthorized person trying to log in, so the bank generated a new account number for me. Can the change be made before the next pay ?
Thanks,
[Executive Name]
Executive Impersonation Payroll Diversion BEC Attack
This text-based BEC attack impersonates an executive using a personalized email subject, a spoofed display name, and a free webmail account to divert payroll deposits to a fraudulent account.

Hello,
Your invoices are now past due - kindly confirm the payment dates.
Let me know if you require copies.
Kind Regards,
[Impersonated Vendor Employee Name]
Accounts Department
[Impersonated Vendor Company Name]
[Impersonated Vendor Company Address]
Vendor Impersonation Overdue Payment BEC Attack
This text-based BEC attack impersonates a vendor/supplier using a spoofed email address, a look-alike domain, a matching malicious domain username, and an overdue payment theme to request a fraudulent payment.

What is the balance of our account? Today we need to pay 48.100 Euro.
Kind regards
[Executive First Name]
Polish Executive Impersonation Payment Fraud BEC Attack
This text-based Polish-language BEC attack impersonates an executive using a spoofed email address and a free webmail account to request a fraudulent payment.

---------- FEDPOL message ---------
Please find further information in the attachment. Please refer to the file mentioned above.
German Legal Matter PDF Attachment Extortion Attack
This payload-based German-language extortion attack uses an external compromised account, a legal matter theme, and a PDF attachment to demand a payment.

Hi ,
I need you to email me the Sales Ledger Aged Debtors Report in detail.
Also, include their email contact on this report.
Thank you.
Best Regards,
[Executive Name]
Chief Executive Officer
[Company Name]
[Executive Email Address]
Executive Impersonation Aging Report Compromise BEC Attack
This text-based BEC attack impersonates an executive using a spoofed display name and a free webmail account to request a copy of an aging report.

Hi ,
I have recently changed banks and like to have my May payslip deposit changed to my new account. I need your prompt assistance on this matter.
Best Regards,
[Executive Name].
Get Outlook for iOS
Executive Impersonation Payroll Diversion BEC Attack
This text-based BEC attack impersonates an executive using a spoofed display name and a free webmail account to divert payroll deposits to a fraudulent account.

[External Third Party Name] ([External Third Party Email Address]) has shared Westpac_Remittance05152022.pdf.
Open
SENT BY
[External Third Party Name] ([External Third Party Email Address])
MESSAGE FROM SENDER
Please confirm from your bank you receive the payment.
SHARED ON 15-May-2022 10:20 AM PDT
Adobe Fake Document Credential Phishing Attack
This link-based attack impersonates Adobe and an external third party using a fake document theme to steal credentials.

Hello team,
Please download the documents now and store them for your records.
Download Documents
Sign into your account for more options
-Commitment for Title Insurance
-Tax Certificate
-Wiring Instructions
-Insured Closing Letter
-Preliminary CD
-Vesting Deed
-Survey-has been ordered will send over to you once it has been received and reviewed.
-HOA
-Hazard Insurance – Please provide a copy of the insurance Dec. Page
Please let us know if you have any questions.
Stewart Title Company Real Estate Transaction Fake Document Credential Phishing Attack
This link-based attack impersonates Stewart Title Company using an external compromised account, a real estate transaction theme and a fake document theme to steal credentials.

Hi [Recipient First Name],
I am closing my current account and I would like to make changes to my
Direct Deposit information with my new Bank account.
Can the changes be in effect before the current pay date?
Best Regards,
[Impersonated Employee Name]
Sent from my iPhone
Employee Impersonation Payroll Diversion BEC Attack
This text-based BEC attack impersonates an employee using an extended spoofed display name, a matching malicious domain username, a personalized email subject, and a maliciously registered domain to divert payroll deposits to a fraudulent account.
