Attack Vault
The Attack Vault contains samples of email-based cyber attacks targeting enterprise users, including business email compromise (BEC) attacks, financial supply chain fraud, credential phishing, malware attacks, and other types of scams. The email subject and body content of these samples can be searched and the repository can be filtered based on specific characteristics using the options below.
This collection of attack samples is not meant to be a comprehensive repository of all email-based threats. Rather, the Attack Vault contains a cross-section of various types of cyber threats--each containing a unique combination of tactics, themes, and/or content--to provide a general overview of some of the more notable attacks observed in today's email threat landscape.
Hi,
Please find attached your Shipping documents.
Kindly do the needful.
Regards,
[Third Party Employee Name]
Coordinator, Shipment Office
DHL Express (AE) LLC
DHL Fake Shipping Notification HTML Attachment Credential Phishing Attack
This payload-based attack impersonates DHL using a free webmail account and a fake shipping notification theme to steal credentials.
[Image with text content]
Thank you!
Norton Fake Payment Receipt Fake Billing Scam
This text-based fake billing scam impersonates Norton using a content obfuscation via image and a fake payment receipt theme.
Good evening
Right here I direct you all the necessary records regarding our soon meeting, right as we revealed recently. Please review the аll required data here:
hXXps://furatfashionstudio[.]co[.]in/aeu/cuteototeenrsvercnin
File password: U523
[Hijacked threat content]
Fake Document Link-based Malware Attack
This link-based attack uses a hijacked email thread and a fake document theme to deliver malware.
Good morning,
I am chasing up the Order 001023 payment Please kindly read files send by my account on chnage of bank details from you.
Can you confirm signed and returned.
I have attached a copy
READ FILE
Payment Inquiry Credential Phishing Attack
This link-based attack impersonates a vendor/supplier using an external compromised account and a payment inquiry theme to steal credentials.
Hi,
I had some trouble with my debit card last week, so I switched my direct deposit details to my new bank with a better interest rate. I was supposed to do it last week, but I am all set now. I want this week's pay to go into my new bank account. Can I send it over to you directly to have it updated? Also what date would this be effective for? Please advise.
Regards,
[Executive First Name]
Executive Impersonation Payroll Diversion BEC Attack
This text-based BEC attack impersonates an executive using a spoofed display name and a free webmail account to divert payroll deposits to a fraudulent account.
Good Day,
Kindly email me all the available AR aged balance reports with updated payments and customers' contact emails.
How soon can you send this over?
Thank you.
Executive Impersonation Aging Report Theft BEC Attack
This text-based BEC attack impersonates an executive using a personalized email subject, a maliciously registered domain, and a spoofed display name to request a copy of an aging report.
Good morning,
Please advise when we should expect to receive remittance for invoices due to [Vendor Company Name].
Thank you,
AR Team
Vendor Impersonation Payment Inquiry Credential Phishing Attack
This text-based attack impersonates a vendor/supplier using a look-alike domain, a spoofed display name, and a payment inquiry theme to steal credentials.
Dear [Recipient First Name],
Sending this as regards an update on my Bank details and would like to request that my Paycheck information be changed from it's current profile to the new account details. Can the change be effective for the current pay date?
Yours sincerely
[Executive Name]
Executive Impersonation Payroll Diversion BEC Attack
This text-based BEC attack impersonates an executive using a spoofed email address, a matching malicious domain username, and a maliciously registered domain to divert payroll deposits to a fraudulent account.
Hi [Recipient First Name],
Please find attached your remittance advice for [Vendor Company Name]. Payment will be in your account Friday.
[Vendor Company Name] BACS REMIT PAYMENT DOCUMENT.xlsx
This is system generated email, please do not reply.
Kind regards
[Vendor Employee Name]
Accounts Payable Manager
Sent Mon, Jun 27, 2022 5:49 PM
Fake Invoice Credential Phishing Attack
This link-based attack impersonates a vendor/supplier using an external compromised account and a fake invoice theme to steal credentials.
Hello, good morning.
I need your help in updating my (Direct Deposit) details. Can I just send a voided check? My payroll portal isn't working,
Wishing you a wonderful day.
Sincerely, regards.
[Executive Name]
[Executive Title]
Executive Impersonation Payroll Diversion BEC Attack
This text-based BEC attack impersonates an executive using a spoofed display name and a free webmail account to divert payroll deposits to a fraudulent account.
