Attack Vault
The Attack Vault contains samples of email-based cyber attacks targeting enterprise users, including business email compromise (BEC) attacks, financial supply chain fraud, credential phishing, malware attacks, and other types of scams. The email subject and body content of these samples can be searched and the repository can be filtered based on specific characteristics using the options below.
This collection of attack samples is not meant to be a comprehensive repository of all email-based threats. Rather, the Attack Vault contains a cross-section of various types of cyber threats--each containing a unique combination of tactics, themes, and/or content--to provide a general overview of some of the more notable attacks observed in today's email threat landscape.
Hi [Target Name],
Quick one - I need to update my paycheck direct deposit info. Can the
change be effective for the next pay date?
Thanks,
[Executive Name].
Get Outlook for iOS
Executive Impersonation Payroll Diversion BEC Attack
This text-based BEC attack impersonates an executive using display name spoofing and a compromised external account to divert payroll deposits to a fraudulent account.
Hello,
Asap: I would like to change my financial institution on file to a secured banking information and I will appreciate it if you can make the changes for me at your end and can i send you my new banking information before the next payroll is submitted?
Thanks,
[Employee Name]
Employee Impersonation Payroll Diversion BEC Attack
This text-based BEC attack impersonates a non-executive employee using display name spoofing and a free webmail account to divert payroll deposits to a fraudulent account.
Dear Sir,
Our Record shows that you have IATA invoices that are due for payment,kindly check your records and get back to us as soon as possible for payment, as failure to do so may lead to sanctions.Please note there is an update in Bank Account information,we request you contact us for our new Bank Account information before your next payment.
Expecting your usual prompt cooperation.
Best Regards,
Ms Linda Morgan
Accounts/Invoicing
International Air Transport Association
IATA Head Office
Vendor Impersonation Overdue Payment BEC Attack
This text-based BEC attack impersonates a vendor/supplier using a maliciously registered domain and an overdue payment theme to request a fraudulent payment.
RECEIPT COPY: #GASK517656
Hello [Recipient Email Address],
Thank you for using security Plan. This email is to inform you that your annual subscription with GeektSquad is renewed. The plan was confirmed at your end.
We have charged 359.99 USD.
Your order details are:
Order ID: GASK517656
Total Amount: 359.99 USD
Product name:nSecurity 24*7
Payment method : Prepaid
Transaction Date: April 12th 2022.
Your Purchased:
Alternate text
Security 24*7
$359.99
Sub-total
$359.99
Sales tax (VAT)
0.00
Total
$359.99
To upgrade/cancel your subscription, please contact our customer service desk given below. (Working Monday-Saturday, 8AM – 8PM EST)
+1(888)i366-4576l
Sincerely
Lindsy Wilson
IMPORTANT: Please do not reply to this message or mail address. For any issues, please reach our Customer Contact Centre
2022©GeekSquad Ltd. All Rights Reserved
Geek Squad Subscription Renewal Fake Billing Scam
This text-based fake billing scam impersonates Geek Squad using a subscription renewal theme.
Hi [Target First Name],
Email me the available AP report on all outstanding payments with attached vendor's contact emails and phone numbers.
Thanks,
[Executive First Name]
Executive Impersonation Aging Report BEC Attack
This text-based BEC attack impersonates an executive using display name spoofing and a maliciously registered domain to request a copy of an aging report.
Good Morning,
What is the cut off time for outgoing domestic wire transfer?
My Regard,
[Executive Name]
[Company Name & Title]
Executive Impersonation Payment Fraud BEC Attack
This text-based BEC attack impersonates an executive using display name spoofing and a free webmail account to request a fraudulent payment.
A document titled "Proposal" has been shared with you on Onedrive. Click on the button to view the shared Document
VIEW DOCUMENT NOW
This is an Auto-Generated email notification , Document would be deleted off our server when unchecked after 48 Hours.
Onedrive Team
OneDrive Fake Document Credential Phishing Attack
This link-based attack impersonates OneDrive using a fake document theme to steal credentials.
Dear User,
Attn: We noticed unusual activity in your PayPal account
Thanks for your patience while we review the unauthorised activity case on a payment you have sent. We're happy to confirm that this transaction is eligible for PayPal Buyer Protection, and we'll cover the full disputed amount for you if there are any.
The payment for this transaction is now pending in your PayPal balance awaiting confirmation from the sender. If It’s you, There's no further action required from you at this time. We'll let you know if we need any additional information.
Transaction details
Merchant's name: Digital Decor Management & Consulting
Merchant's transaction ID: N00OIETB57EERL
Your transaction ID: J00NRTTI87KJWTK
Invoice ID: INVD01-HSUR-4739-21DHJ
Transaction date: 09 April 2022
Transaction amount: $ 865.47 USD
If you did not authorize this charge, you have 72 hours from the date of transaction to open a dispute. For more information, We recommend you to get in touch with us.
PayPal Customer Service toll-free for the USA & CANADA +1 (786) 699 4433 or info@paypal.com
Please don't reply to this email. This mailbox is not monitored and you will not receive a response. For assistance, log in to your PayPal account and click help in the top right corner of any PayPal page.
PayPal Suspicious Account Activity Fake Billing Scam
This text-based fake billing scam impersonates PayPal using a suspicious account activity theme.
[Target First Name],
I need you to process a payment today. Can you get this done now?.
Thank You
[Executive Name]
[Executive Title]
Executive Impersonation Payment Fraud BEC Attack
This text-based BEC attack impersonates an executive using display name spoofing and a free webmail account to request a fraudulent payment.
Hi [Target First Name],
I need you to email me an up to date aging report from A/R, and also
include customer payable contact email on this report. When can you
get this done?
Thanks
[Executive First Name]
Executive Impersonation Aging Report BEC Attack
This text-based BEC attack impersonates an executive using display name spoofing and a free webmail account to request a copy of an aging report.