Attack Vault
The Attack Vault contains samples of email-based cyber attacks targeting enterprise users, including business email compromise (BEC) attacks, financial supply chain fraud, credential phishing, malware attacks, and other types of scams. The email subject and body content of these samples can be searched and the repository can be filtered based on specific characteristics using the options below.
This collection of attack samples is not meant to be a comprehensive repository of all email-based threats. Rather, the Attack Vault contains a cross-section of various types of cyber threats--each containing a unique combination of tactics, themes, and/or content--to provide a general overview of some of the more notable attacks observed in today's email threat landscape.
Please print the enclosed shipment paperwork below and attach it to your shipment.
HERE
Scheduled Pickup Date and Time:
May 13, 2022
09:30 - 15:30
DHL Fake Shipping Notification Credential Phishing Attack
This link-based attack impersonates DHL using a spoofed email address and a fake shipping notifications theme to steal credentials.
Hi
I just switched my bank and want to update my new direct deposit details, can i send you my new account info so you can help me update it now?
Regards,
[Executive First Name]
Executive Impersonation Payroll Diversion BEC Attack
This text-based BEC attack impersonates an executive using display name spoofing and a maliciously registered domain to divert payroll deposits to a fraudulent account.
New voice message from your contacts directory at ('+1 415-322-2037) to [Recipient Name]
Dated: May 04, 2022 7.05pm
Duration: 0:32 Secs.
Play Voicenote
Unsubscribe
Fake Voicemail Credential Phishing Attack
This link-based attack uses a fake voicemail theme and maliciously registered domain to steal credentials.
Hi [Recipient First Name],
I need the full AP aged report on all outstanding debts we owe to our
vendors.
Note: Kindly attach all contact emails.
Regards,
[Executive First Name]
Executive Impersonation Aging Report BEC Attack
This text-based BEC attack impersonates an executive using display name spoofing and a maliciously registered domain to request a copy of an aging report.
sent you a document to review and sign.
REVIEW DOCUMENT
Dropbox Fake Document Credential Phishing Attack
This link-based attack impersonates Dropbox using a compromised external account and a fake document theme to steal credentials.
Hi [Recipient First Name],
I need you to take care of something right now, so please let me know if you're free right now. I'll be in a meeting right now and won't be able to answer the phone, so it's best to contact me via email.
Regards,
[Impersonated Employee Name]
Employee Impersonation Gift Card BEC Attack
This text-based BEC attack impersonates an employee using display name spoofing and a free webmail account to request the purchase of gift cards.
[Recipient First Name]
Is there any possibility that you can cut a check today for a new
vendor that did a consulting job for us? The invoice is past due
already.
[Impersonated Employee Name]
[Impersonated Employee Title]
[Impersonated Employee Company]
Employee Impersonation New Vendor Payment Fraud BEC Attack
This text-based BEC attack impersonates an employee using display name spoofing, a free webmail account, and a new vendor theme to request a fraudulent payment.
Attn: Accounts Payable Manager:
[Impersonated Vendor Company Name] greatly appreciates you as a valued customer and we want to
thank you for your continued business.
Our office will like to update our Bank Account information details you have on file
Please note, We no longer accept mailing of any check payment at this time , All payments has to go through Direct Deposit ACH payment and Wire transfer
Could you please check if you have any open invoice payable to us as accounting is still not able to get onto the server or into Oracle to review accounts or post payments that may have been received.
Thank you,
[Impersonated Vendor Employee Name]
[Impersonated Vendor Employee Title]
[Impersonated Vendor Company Contact Information]
Vendor Impersonation Account Update BEC Attack
This text-based BEC attack impersonates a vendor/supplier using display name spoofing, a look-alike domain, and an account update theme to request a fraudulent payment.
Hello
Please we want to audit/close the book of accounting for the period ended 2021 and March 2022. We would like to know if you/your company owes us any outstanding payments till date. If you do, how much is it and when is the payment due date?
Also if you have not paid yet, kindly hold off with the payment.
Your immediate response will be highly appreciated.
Kind Regards,
[Impersonated Vendor Employee Name]
Accounts Receivable
[Impersonated Vendor Company Name].
Vendor Impersonation Payment Inquiry BEC Attack
This text-based BEC attack impersonates a vendor/supplier using a free webmail account and a payment inquiry theme to request a fraudulent payment.
Hi [Recipient First Name],
I need you to make a payment today, Please let me know if you are available so I can forward you the beneficiary's details.
Regards,
[Executive Name]
[Executive Title]
Executive Impersonation Payment Fraud BEC Attack
This text-based BEC attack impersonates an executive using a spoofed email address and a free webmail account to request a fraudulent payment.
