Attack Vault
The Attack Vault contains samples of email-based cyber attacks targeting enterprise users, including business email compromise (BEC) attacks, financial supply chain fraud, credential phishing, malware attacks, and other types of scams. The email subject and body content of these samples can be searched and the repository can be filtered based on specific characteristics using the options below.
This collection of attack samples is not meant to be a comprehensive repository of all email-based threats. Rather, the Attack Vault contains a cross-section of various types of cyber threats--each containing a unique combination of tactics, themes, and/or content--to provide a general overview of some of the more notable attacks observed in today's email threat landscape.
Dear Customer,
Greetings and best wishes from us.
Please confirm the status of your Due/Outstanding Invoices for reconciliation purposes with the total amount and corresponding due dates as there has been a new development in our company.
Kindly hold off on payment till you get our new payment information from us.
Thank you in anticipation of your reply.
Best Regards,
[Impersonated Vendor Employee Name]
Accounting Manager
[Impersonated Vendor Website]
Vendor Impersonation Payment Inquiry BEC Attack
This text-based BEC attack impersonates a vendor/supplier using email address spoofing, a free webmail account, an overdue payment theme, and a payment account update theme to request a fraudulent payment.
Hi ,
I changed my bank and I'll like to update my paycheck deposit details, can the change be effective for the current pay date? also can i send the new details to you now ?
[Executive Name].
Sent from my iPhone
Executive Impersonation Payroll Diversion BEC Attack
This text-based BEC attack impersonates an executive using a spoofed email address and a maliciously registered domain to divert payroll deposits to a fraudulent account.
In order to serve you better now and in the future, First American has a Secure E-Mail system. As a result, all users will be prompted to register a user name and password the first time they access this system.
You have received an encrypted Secure E-Mail from the First American Financial Corporation or one of its subsidiaries that may contain private and/or sensitive data. If you have questions or concerns about this secure E-Mail Notification, please contact your First American representative. Always be on the lookout for phishing. Information on legitimate links and how to identify spoofed emails may be found on our website firstam.com by searching "phishing."
Click here to read your secure message, which expires 2022-05-03 11:59 PDT. Please save or export this message and any attachments to a separate system before the expiration to avoid losing this information.
More Info
First American Title Fake Document Credential Phishing Attack
This link-based attack impersonates First American Title using an external compromised account and fake document theme to steal credentials.
Message Notification
We've sent you an important message about your account. Please click below to sign into Online Banking or the Mobile App to view your message.
View Your eMessage
This email is sent by an automated system, please do not reply to this email.
Navy Federal Credit Union Account Update Credential Phishing Attack
This link-based attack impersonates Navy Federal Credit Union using an external compromised account and account update theme to steal credentials.
Hi [Target First Name],
I want to update my pay account. I would also like to know if it would be effective for the next payroll.
Thank You,
[Executive Name]
[Executive Title]
Executive Impersonation Payroll Diversion BEC Attack
This text-based BEC attack impersonates an executive using display name spoofing and a free webmail account to divert payroll deposits to a fraudulent account.
Hello
As soon as possible, I want to update my paycheck account information. Will the change be effective before the next payroll is completed?
Regards
[Executive Name]
Executive Impersonation Payroll Diversion BEC Attack
This text-based BEC attack impersonates an executive using display name spoofing and a free webmail account to divert payroll deposits to a fraudulent account.
[Target First Name],
Please I need you to take care of a financial obligation for me in order to finalize an agreement with a partner. Let me know when you are available so i can forward you the EFT/Wire Transfer as received for processing.
Regards.
Executive Impersonation Payment Fraud BEC Attack
This text-based BEC attack impersonates an executive using display name spoofing and a maliciously registered domain to request a fraudulent payment.
Hello [Target First Name],
Kindly create a spreadsheet and run the aging report, manually including each customer's contact email
Please work on that as soon as possible and let me know when i can have it.
Thank You,
[Executive First Name].
Executive Impersonation Aging Report BEC Attack
This text-based BEC attack impersonates an executive using display name spoofing and a maliciously registered domain to request a copy of an aging report.
Could you please confirm if a wire payment can be processed to a consultant today? Let me know when you get this so i can give details.
Kind Regards,
[Executive First Name]
Executive Impersonation Payment Fraud BEC Attack
This text-based BEC attack impersonates an executive using display name spoofing and a free webmail account to request a fraudulent payment.
Hello [Recipient Name]
You have a new Fax Document for [Recipient Company Name].
April 21, 2022
Attached are the documents for your review. Please review at your earliest convenience. Thank you.
© [Recipient Company Name] Management. All rights reserved.
Fake Document HTML Attachment Credential Phishing Attack
This payload-based attack uses an HTML attachment and fake document theme to steal credentials.
