Attack Vault
The Attack Vault contains samples of email-based cyber attacks targeting enterprise users, including business email compromise (BEC) attacks, financial supply chain fraud, credential phishing, malware attacks, and other types of scams. The email subject and body content of these samples can be searched and the repository can be filtered based on specific characteristics using the options below.
This collection of attack samples is not meant to be a comprehensive repository of all email-based threats. Rather, the Attack Vault contains a cross-section of various types of cyber threats--each containing a unique combination of tactics, themes, and/or content--to provide a general overview of some of the more notable attacks observed in today's email threat landscape.
Hello,
I'll be needing your assistance.
I need to know if you are available at the moment.
Kindly reply with your personal cell#, I need a task done as soon as possible and look forward to my text.
Thanks.
Executive Impersonation Gift Card BEC Attack
This text-based BEC attack impersonates an executive using a cell phone request and email spoofing to request the purchase of gift cards.

Hello,
An invoice is due for payment which involves the acquisition of consulting services to develop efficient operations systems to meet our needs. What do you need to pay new vendors via ACH today?
Keep me in the loop,
Many thanks
[Executive Name]
[Executive Title]
[Company Name]
Executive Impersonation New Vendor Payment Fraud BEC Attack
This text-based BEC attack impersonates an executive using display name spoofing, a free webmail account, and a new vendor theme to request a fraudulent payment.

Please see attached for a copy of your new monthly support invoice. If there are any questions or concerns, please feel free to contact me at any time.
Thanks,
Fake Invoice HTML Attachment Credential Phishing Attack
This link-based attack impersonates a vendor/supplier using a compromised external account and a fake invoice theme to steal credentials.

Hello,
Please see attached and let me know if you have any question.
Thanks!
Vendor Impersonation Fake Invoice Credential Phishing Attack
This link-based attack impersonates a vendor/supplier using a fake attachment, compromised external account, and a fake invoice theme to steal credentials.

[Recipient First Name],
Do you have a moment? I need you to send me the 2021 W-2 (PDF) and earnings summary of all employees. I need these via email immediately for a quick review.
Thanks,
[Executive Name]
Executive Impersonation W-2 Theft BEC Attack
This text-based BEC attack impersonates an executive using a personalized email subject, display name spoofing, and a maliciously registered domain to steal employee W-2s.

Are you available? I need you to process an international wire payment to a vendor today. What are the details you will need to get this done today?
Kind Regards,
[Executive First Name]
Executive Impersonation Payment Fraud BEC Attack
This text-based BEC attack impersonates an executive using display name spoofing and a free webmail account to request a fraudulent payment.

What is the current available balance in the account? Do we have Zelle
attached to our bank accounts? I’ll need you to process an outgoing
payment today via Wire/ACH for an Operating Expenses (Networking
Activities Website Hosting and Program Services) which is due.
Kindly let me know if you can get it done today so I can forward you
the details for the payment.
Kind Regards
[Impersonated Employee Name]
Sent from my iPhone
Employee Impersonation Payment Fraud BEC Attack
This text-based BEC attack impersonates an employee using a personalized email subject, display name spoofing, and a free webmail account to request a fraudulent payment.

Hi [Recipient First Name],
I would like you to be in charge of a matter that needs to be resolved with our appointed legal advisors within this week.
Please let me know soonest by email if you can assist in this and I will provide you with more details.
Best Regards,
[Executive Name]
Sent From my Smartphone
Executive Impersonation Legal Matter Payment Fraud BEC Attack
This text-based BEC attack impersonates an executive using email spoofing and a legal matter theme to request a fraudulent payment.

Could you please advise when we can expect payment?
Thank you,
[Vendor Employee Name], CPA
Chief Financial Officer
PwC network.
PricewaterhouseCoopers LLP
411 Hamilton Boulevard
Peoria, Illinois 61602
United States
On Mon, May 2, 2022 at 8:23 AM [Target Company Executive Name] <send@omnicrosoft-sender-via-omnicrosoft-server.com> wrote:
[Recipient Name],
    Could you please ACH arrange payment for this invoice today.
    See below and attached.
---------- Forwarded message ---------
    From: [Vendor Employee Name]<[Vendor Employee Username]@accounts-pwc.com>
    Sent: Friday, April 29, 2022 10:14 AM
    To: [Target Company Executive Name]
    Cc:  [Vendor Employee Name]<[Vendor Employee Username]@accounts-pwc.com>
    Subject: PWC LLP: INVOICE# 001691134 PAYMENT DUE
    A new invoice 001691134 has been generated and is attached for your
    review and payment.
    Please make payment via ACH (Automated clearing house). Bank
    information is on the invoice.
    If you are experiencing issues viewing the attached pdf via a mobile
    device, please use your standard mail client or webmail.
Thank you,
    [Vendor Employee Name], CPA
    Chief Financial Officer
    PwC network.
Vendor Impersonation Fake Email Chain BEC Attack
This text-based BEC attack impersonates a vendor/supplier using a fake email chain, display name spoofing, and a look-alike domain to request a fraudulent payment.

Hi [Recipient First Name],
I need your assistance, I want to update my account information on the payroll system. Kindly send me a direct deposit authorization form. I'd also like to know the pay date the change will go into effect
Thanks!
[Impersonated Employee Name]
[Impersonated Employee Title]
Employee Impersonation Payroll Diversion BEC Attack
This text-based BEC attack impersonates an employee using an external compromised account to divert payroll deposits to a fraudulent account.
