Attack Vault
The Attack Vault contains samples of email-based cyber attacks targeting enterprise users, including business email compromise (BEC) attacks, financial supply chain fraud, credential phishing, malware attacks, and other types of scams. The email subject and body content of these samples can be searched and the repository can be filtered based on specific characteristics using the options below.
This collection of attack samples is not meant to be a comprehensive repository of all email-based threats. Rather, the Attack Vault contains a cross-section of various types of cyber threats--each containing a unique combination of tactics, themes, and/or content--to provide a general overview of some of the more notable attacks observed in today's email threat landscape.

Your credit card payment is pending and waiting for approval.
Account ending in: 4642
Payment amount: $12461.77
Effective date: 05/13/2022
Payment authorized on: 05/10/2022
See payment activity
Click Here To Decline or Accept
If you pay between 8 PM ET and 11:59 PM ET, we’ll credit your account for the date you chose, but you might not see it for 1-2 days.
If you pay after 8 PM ET on your due date and you pay at least the minimum amount due, you’ll see a late fee on your account that will be reversed automatically when the payment posts in 1-2 days.
We’ll process this one-time electronic payment as scheduled.
To cancel a payment scheduled for a future date, please visit us at chase.com or in our app.
Chase Fake Payment Receipt Credential Phishing Attack
This link-based attack impersonates Chase using an external compromised account and a fake payment receipt theme to steal credentials.

DHTGKGF-426429
Dear [Recipient Name]
We processed your $691.96 to Zerd-Crypto
(Bill Id@KJWE9045JKE1536)
Transaction ID: KJWE9045JKE1536
Seller: Zerd-Crypto
Doge coin
Transaction Date: May, 11 2022 (Wednesday)
Instruction to seller: #[Recipient Email Address]
Product: # (Zerd-Crypto)
Quantity: 1
Amount: $691.96
Subtotal: $691.96
Shipping: Free
Total: $691.96
Charge will appear on your credit card statement as "PayPal Already passed through your account and may take 24hrs to reflect."
If not you, connect us earliest as possible.
Customer Care No (888 - 370 (1580))
In case of any information regarding the product and charge please reach out to our PayPal Representative.
Regards : Nathan
In case of any trouble or query
This invoice is generated by PayPal
PayPal Cryptocurrency Fake Payment Receipt Fake Billing Scam
This text-based fake billing scam impersonates PayPal using a personalized email subject, a cryptocurrency theme, and a fake payment receipt theme.

Good morning,
[Impersonated Third Party Name] is respectfully requesting your company submit a proposal for the attached scope of work. You will find the scope of work and bid set plan along with specific sizing documents associated with this project, please see the link below to view bid:
REVIEW BID PROPOSAL HERE
To those who perform in multiple divisions; quotes for multiple areas of work are welcomed and encouraged. However, please provide separate estimates for each division or area of work that you plan to quote.
Should you have any questions please do not hesitate to reach out to me directly.
Thank you,
Kind regards,
[Impersonated Third Party Employee Name]
[Impersonated Third Party Employee Title]
[Impersonated Third Party Name]
Bid Proposal Credential Phishing Attack
This link-based attack impersonates an external third party using an external compromised account and a bid proposal theme to steal credentials.

Hi [Recipient Email Address],
This is to notify you that a payment of $701 has been made from your account. This payment was made to Coinbase Global Inc. on account of Bitcoin trading.
Find your purchase summary below.
Order ID YHYMPNDW
Transaction ID 9367528
Recipient Coinbase
Product Bitcoins
Quantity 0.010304726
Amount $701
GET SUPPORT
In case you did not authorize this payment, please contact our Support team at our helpline number provided below. If you feel your account has been breached, cancel this transaction by calling us immediately to report your issue and request a full refund.
+1(601) 724-8568
PayPal Cryptocurrency Fake Payment Receipt Fake Billing Scam
This text-based fake billing scam impersonates PayPal using a cryptocurrency theme and a fake payment receipt theme.

Hi ,
I am reaching out to you on behalf of [Impersonated Vendor Name] concerning an outstanding payment which is long overdue with the Invoice 474864. This invoice is past due and your prompt payment is appreciated.
Could you kindly check your records and advise accordingly?
I wait to hear from you soon
Best Regards
[Impersonated Vendor Employee Name]
[Impersonated Vendor Employee Title]
[Impersonated Vendor Name]
[Impersonated Vendor Contact Information]
Vendor Impersonation Overdue Payment BEC Attack
This text-based BEC attack impersonates a vendor/supplier using a spoofed display name, a look-alike domain, and an overdue payment theme to request a fraudulent payment.

I need you to complete the CHAPS/Faster payment to a vendor.
How soon can you get it done?
Regards,
[Executive Name]
Executive Impersonation Payment Fraud BEC Attack
This text-based BEC attack impersonates an executive using a personalized email subject, a spoofed display name, and a free webmail account to request a fraudulent payment.

Good Morning [Recipient First Name],
I got a call from my bank not quite long enough that my account will be placed on hold for some info needed from me to update it and I had to switch to a new financial institution. Can you please update my new direct deposit info for me? I would be glad if the changes can be effective for the current pay day. What Information Do You Need ?
Regards
[Impersonated Employee Name]
[Impersonated Employee Title]
[Company Name]
Employee Impersonation Payroll Diversion BEC Attack
This text-based BEC attack impersonates an employee using a personalized email subject, a spoofed display name, and a free webmail account to divert payroll deposits to a fraudulent account.

Good morning,
We need to pay €14,840.70 to a company in the UK; are you available now to process the payment?
Regards,
[Executive Name].
Dutch Executive Impersonation Payment Fraud BEC Attack
This text-based Dutch-language BEC attack impersonates an executive using a spoofed email address and a free webmail account to request a fraudulent payment.

Dear Partner,
We kindly ask that you re-confirm to us the status of our outstanding or
any due payments if there are any, as we currently have to give you an
updated information.
Please get back to us immediately with the total amount that is
outstanding with corresponding due dates and invoices respectively.
If you need any further information, please do not hesitate to contact
me for further assistance.
Thank you for your compliance.
Kinds Regards
[Impersonated Vendor Employee Name] ([Impersonated Vendor Employee Title])
[Impersonated Vendor Company Name]
Vendor Impersonation Payment Inquiry BEC Attack
This text-based BEC attack impersonates a vendor/supplier using a spoofed email address, a free webmail account, and a payment inquiry theme to request a fraudulent payment.

Hello Payroll,
I want to change the account on my payroll to a new account
and I would like to know whether this will be valid for the next
payment?
Thanks
[Employee Name]
[Employee Title]
Dutch Employee Impersonation Payroll Diversion BEC Attack
This text-based Dutch-language BEC attack impersonates an employee using a spoofed display name and a free webmail account to divert payroll deposits to a fraudulent account.
