Filters
Reset
Attack Type
Attack Vector
Attack Goal
Attack Tactic
Impersonated Party
Attachment Type
Language
Theme
Impersonated Brand
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Attack Vault

Showing
X
results

The Attack Vault contains samples of email-based cyber attacks targeting enterprise users, including business email compromise (BEC) attacks, financial supply chain fraud, credential phishing, malware attacks, and other types of scams. The email subject and body content of these samples can be searched and the repository can be filtered based on specific characteristics using the options below.

This collection of attack samples is not meant to be a comprehensive repository of all email-based threats. Rather, the Attack Vault contains a cross-section of various types of cyber threats--each containing a unique combination of tactics, themes, and/or content--to provide a general overview of some of the more notable attacks observed in today's email threat landscape.

Hi [Target Name],

Quick one - I need to update my paycheck direct deposit info. Can the

change be effective for the next pay date?

Thanks,

[Executive Name].

Get Outlook for iOS

Executive Impersonation Payroll Diversion BEC Attack

Subject:
"
DD-Update
"
Attack Date:
April 13, 2022

This text-based BEC attack impersonates an executive using display name spoofing and a compromised external account to divert payroll deposits to a fraudulent account.

No items found.
Type:
Business Email Compromise
Theme(s):
...
Tactic(s):
...
Vector:
Text-based
Goal:
Payroll Diversion
Impersonated Party:
Employee - Executive
Impersonated Brand:
Attachment Type:
Language:
See Attack Details

Hello,

Asap: I would like to change my financial institution on file to a secured banking information and I will appreciate it if you can make the changes for me at your end and can i send you my new banking information before the next payroll is submitted?

Thanks,

[Employee Name]

Employee Impersonation Payroll Diversion BEC Attack

Subject:
"
NEW FINANCIAL INSTITUTION INFORMATION UPDATE
"
Attack Date:
April 13, 2022

This text-based BEC attack impersonates a non-executive employee using display name spoofing and a free webmail account to divert payroll deposits to a fraudulent account.

No items found.
Type:
Business Email Compromise
Theme(s):
...
Tactic(s):
...
Vector:
Text-based
Goal:
Payroll Diversion
Impersonated Party:
Employee - Other
Impersonated Brand:
Attachment Type:
Language:
See Attack Details

Dear Sir,

Our Record shows that you have IATA invoices that are due for payment,kindly check your records and get back to us as soon as possible for payment, as failure to do so may lead to sanctions.Please note there is an update in Bank Account information,we request you contact us for our new Bank Account information before your next payment.

Expecting your usual prompt cooperation.

Best Regards,
Ms Linda Morgan
Accounts/Invoicing
International Air Transport Association
IATA Head Office

Vendor Impersonation Overdue Payment BEC Attack

Subject:
"
BILL
"
Attack Date:
April 12, 2022

This text-based BEC attack impersonates a vendor/supplier using a maliciously registered domain and an overdue payment theme to request a fraudulent payment.

No items found.
Type:
Business Email Compromise
Theme(s):
...
Tactic(s):
...
Vector:
Text-based
Goal:
Payment Fraud
Impersonated Party:
External Party - Vendor/Supplier
Impersonated Brand:
Attachment Type:
Language:
See Attack Details

RECEIPT COPY: #GASK517656

Hello [Recipient Email Address],

Thank you for using security Plan. This email is to inform you that your annual subscription with GeektSquad is renewed. The plan was confirmed at your end.

We have charged 359.99 USD.

Your order details are:

Order ID: GASK517656

Total Amount: 359.99 USD

Product name:nSecurity 24*7

Payment method : Prepaid

Transaction Date: April 12th 2022.


Your Purchased:

Alternate text

Security 24*7

$359.99

Sub-total

$359.99

Sales tax (VAT)

0.00

Total

$359.99

To upgrade/cancel your subscription, please contact our customer service desk given below. (Working Monday-Saturday, 8AM – 8PM EST)

+1(888)i366-4576l

Sincerely

Lindsy Wilson

IMPORTANT: Please do not reply to this message or mail address. For any issues, please reach our Customer Contact Centre

2022©GeekSquad Ltd. All Rights Reserved

Geek Squad Subscription Renewal Fake Billing Scam

Subject:
"
Account Notification
"
Attack Date:
April 12, 2022

This text-based fake billing scam impersonates Geek Squad using a subscription renewal theme.

No items found.
Type:
Fake Billing Scam
Theme(s):
...
Tactic(s):
...
Vector:
Text-based
Goal:
Impersonated Party:
Impersonated Brand:
Geek Squad
Attachment Type:
Language:
See Attack Details

Hi [Target First Name],

Email me the available AP report on all outstanding payments with attached vendor's contact emails and phone numbers.

Thanks,

[Executive First Name]

Executive Impersonation Aging Report BEC Attack

Subject:
"
Outstanding AP Report
"
Attack Date:
April 12, 2022

This text-based BEC attack impersonates an executive using display name spoofing and a maliciously registered domain to request a copy of an aging report.

No items found.
Type:
Business Email Compromise
Theme(s):
...
Tactic(s):
...
Vector:
Text-based
Goal:
Aging Report Theft
Impersonated Party:
Employee - Executive
Impersonated Brand:
Attachment Type:
Language:
See Attack Details

Good Morning,


What is the cut off time for outgoing domestic wire transfer?


My Regard,

[Executive Name]

[Company Name & Title]

Executive Impersonation Payment Fraud BEC Attack

Subject:
"
PAYMENT
"
Attack Date:
April 12, 2022

This text-based BEC attack impersonates an executive using display name spoofing and a free webmail account to request a fraudulent payment.

No items found.
Type:
Business Email Compromise
Theme(s):
...
Tactic(s):
...
Vector:
Text-based
Goal:
Payment Fraud
Impersonated Party:
Employee - Executive
Impersonated Brand:
Attachment Type:
Language:
See Attack Details

A document titled "Proposal" has been shared with you on Onedrive. Click on the button to view the shared Document

VIEW DOCUMENT NOW

This is an Auto-Generated email notification , Document would be deleted off our server when unchecked after 48 Hours.
       

Onedrive Team

OneDrive Fake Document Credential Phishing Attack

Subject:
"
A document titled "Proposal" has been shared with you on Onedrive
"
Attack Date:
April 11, 2022

This link-based attack impersonates OneDrive using a fake document theme to steal credentials.

No items found.
Type:
Credential Phishing
Theme(s):
...
Tactic(s):
...
Vector:
Link-based
Goal:
Credential Theft
Impersonated Party:
Impersonated Brand:
OneDrive
Attachment Type:
Language:
See Attack Details

Dear User,

Attn: We noticed unusual activity in your PayPal account

Thanks for your patience while we review the unauthorised activity case on a payment you have sent. We're happy to confirm that this transaction is eligible for PayPal Buyer Protection, and we'll cover the full disputed amount for you if there are any.

The payment for this transaction is now pending in your PayPal balance awaiting confirmation from the sender. If It’s you, There's no further action required from you at this time. We'll let you know if we need any additional information.

Transaction details

   Merchant's name: Digital Decor Management & Consulting
   Merchant's transaction ID: N00OIETB57EERL
   Your transaction ID: J00NRTTI87KJWTK
   Invoice ID: INVD01-HSUR-4739-21DHJ
   Transaction date: 09 April 2022
   Transaction amount: $ 865.47 USD

If you did not authorize this charge, you have 72 hours from the date of transaction to open a dispute. For more information, We recommend you to get in touch with us.


PayPal Customer Service toll-free for the USA & CANADA +1 (786) 699 4433 or info@paypal.com

Please don't reply to this email. This mailbox is not monitored and you will not receive a response. For assistance, log in to your PayPal account and click help in the top right corner of any PayPal page.

PayPal Suspicious Account Activity Fake Billing Scam

Subject:
"
Attn : Your PayPal account access is temporarily limited
"
Attack Date:
April 9, 2022

This text-based fake billing scam impersonates PayPal using a suspicious account activity theme.

No items found.
Type:
Fake Billing Scam
Theme(s):
...
Tactic(s):
...
Vector:
Text-based
Goal:
Impersonated Party:
Impersonated Brand:
PayPal
Attachment Type:
Language:
See Attack Details

[Target First Name],


I need you to process a payment today. Can you get this done now?.

Thank You


[Executive Name]
[Executive Title]

Executive Impersonation Payment Fraud BEC Attack

Subject:
"
TODAY
"
Attack Date:
April 8, 2022

This text-based BEC attack impersonates an executive using display name spoofing and a free webmail account to request a fraudulent payment.

No items found.
Type:
Business Email Compromise
Theme(s):
...
Tactic(s):
...
Vector:
Text-based
Goal:
Payment Fraud
Impersonated Party:
Employee - Executive
Impersonated Brand:
Attachment Type:
Language:
See Attack Details

Hi [Target First Name],

I need you to email me an up to date aging report from A/R, and also

include customer payable contact email on this report. When can you

get this done?

Thanks

[Executive First Name]

Executive Impersonation Aging Report BEC Attack

Subject:
"
Re: aging report needed
"
Attack Date:
April 8, 2022

This text-based BEC attack impersonates an executive using display name spoofing and a free webmail account to request a copy of an aging report.

No items found.
Type:
Business Email Compromise
Theme(s):
...
Tactic(s):
...
Vector:
Text-based
Goal:
Aging Report Theft
Impersonated Party:
Employee - Executive
Impersonated Brand:
Attachment Type:
Language:
See Attack Details

Whoops.. There are no results found.