Attack Vault
The Attack Vault contains samples of email-based cyber attacks targeting enterprise users, including business email compromise (BEC) attacks, financial supply chain fraud, credential phishing, malware attacks, and other types of scams. The email subject and body content of these samples can be searched and the repository can be filtered based on specific characteristics using the options below.
This collection of attack samples is not meant to be a comprehensive repository of all email-based threats. Rather, the Attack Vault contains a cross-section of various types of cyber threats--each containing a unique combination of tactics, themes, and/or content--to provide a general overview of some of the more notable attacks observed in today's email threat landscape.
Hi [Recipient First Name]
Are you free at the moment? Get back to me as soon as you can.
Thanks.
[Executive Name]
Chief Executive Officer
Sent from iCloud
Executive Impersonation Gift Card Request BEC Attack
This text-based BEC attack impersonates an executive using a personalized email subject, a spoofed display name, and a free webmail account to request the purchase of gift cards.

[Recipient First Name],
I would like to change the account on my payroll to a new account. I would also like to know when it would be effective for the next payroll.
Thanks,
[Impersonated Employee Name]
[Impersonated Employee Title]
German Employee Impersonation Payroll Diversion BEC Attack
This text-based German-language BEC attack impersonates an employee using display name spoofing and a free webmail account to divert payroll deposits to a fraudulent account.

Greetings,
I just different to another bank and I might want to refresh my Direct store subtleties, will it be successful for the following Payroll? Yet, if the next finance has been planned, my old record is as yet open to get it yet in the event that it has not been booked, generously assist me with changing to this new data.
Here is my new Direct Deposit Information.
Directing #: [Routing Number]
Account #: [Account Number]
Account Type: Checking
Bank name: Cross River Bank
If it's not too much trouble, let me in on when the change has been made and sympathetically recognize the receipt of this message.
Much obliged
Employee Impersonation Payroll Diversion BEC Attack
This text-based BEC attack impersonates an employee using a spoofed email address and a free webmail account to divert payroll deposits to a fraudulent account.

May 06, 2022
Name: [Recipient Name]
Account#:BK/3926392L
Lender: Cash Advance Inc. (PaydayLoan)
Total outstanding:$780.00
Settlement amount to be paid by today: 523.00
Dear [Recipient First Name]
With this email you are being notified about your account with National Credit Collections which will be declared as FLAT REFUSAL and will be treated legally through your district courthouse.
We are in the process of closing all the pending accounts. In this regard, we are providing you a final opportunity to settle your account immediately before it's too late to take action.
Your account is in final collections so we won't be able to provide you any documentation at this moment. If requested, we can send you an invoice pertaining to this account.
If interested in resolving this account without any legal action, then respond to this email or send us an email at your earliest convenience.
Thank you and have a nice day.
Lisa Vaughn
NCC Inc
Credit Settlement Department
credit.settlement@nccsolutionsusa.com
Debt Collection Legal Matter Fake Billing Scam
This text-based fake billing scam uses a personalized email subject, a debt collection theme, and a legal matter theme.

SharePoint Fake Document Credential Phishing Attack
This link-based attack impersonates SharePoint using content obfuscation via image, a spoofed email address, and a fake document theme to steal credentials.

Dear Pam
HELPDESK: 1-888-314-2079
BILLING DATE: May/06/2022
INVOICE ID: PP38165246
PAYMENT MODE AUTO DEBITED: ACCOUNT / CARD
Thanks for choosing Office 365 Suite. Kindly find the renewal details for Microsoft Office 365 and Online OneDrive renewal.
License Period: May/06/2022 – May/05/2023
Description: Microsoft Office 365 (5 Devices)
Items | Rate | Qty | Amount
Microsoft Office 365 License | $149.99 | 1 | $149.99
OneDrive Cloud Storage (1 TB) | $124.99 | 1 | $124.99
Subtotal: $274.98
Tax (9%): $24.75
Total: $299.73
Paid Amount: $299.73
Your license is activated. It will take some time for this transaction to show up in your account. If you do not wish to renew or pay $299.73, please follow the steps below to cancel your Subscriptions/Plan.
Call us on 1-888-314-2079 (Toll free) and speak to an advisor for the refund.
Thank You,
Customer Care
Helpline Number: 1-888-314-2079
Microsoft Subscription Renewal Fake Billing Scam
This text-based fake billing scam impersonates Microsoft using a subscription renewal theme.

Citrix Attachments
Attorney engagement letter.pdf
204.3 KB
BC Inv Bylaws-executed.pdf
4.5 MB
BC Investments Corp - Certificate of Filing &...ion.pdf
493.7 KB
Earnest Money Contract.pdf
6.9 MB
Download Attachments
Caliber Home Loans Real Estate Transaction Fake Document Credential Phishing Attack
This link-based attack impersonates Caliber Home Loans using an external compromised account, a real estate transaction theme, and a fake document theme to steal credentials.

Hi [Recipient First Name]
I hope you are well. I have just changed my bank and updated my payroll account details. Can this change take effect before the current pay date?
Regards
[Executive Name]
Italian Executive Impersonation Payroll Diversion BEC Attack
This text-based Italian-language BEC attack impersonates an executive using display name spoofing and a maliciously registered domain to divert payroll deposits to a fraudulent account.

Hi [Recipient First Name],
I need you to make a payment today, Please let me know if you are available so I can forward you the beneficiary's details.
Regards,
[Executive Name]
[Executive Title]
Executive Impersonation Payment Fraud BEC Attack
This text-based BEC attack impersonates an executive using a spoofed email address and a free webmail account to request a fraudulent payment.

Hello
Please we want to audit/close the book of accounting for the period ended 2021 and March 2022. We would like to know if you/your company owes us any outstanding payments till date. If you do, how much is it and when is the payment due date?
Also if you have not paid yet, kindly hold off with the payment.
Your immediate response will be highly appreciated.
Kind Regards,
[Impersonated Vendor Employee Name]
Accounts Receivable
[Impersonated Vendor Company Name].
Vendor Impersonation Payment Inquiry BEC Attack
This text-based BEC attack impersonates a vendor/supplier using a free webmail account and a payment inquiry theme to request a fraudulent payment.
