Filters
Reset
Attack Type
Attack Vector
Attack Goal
Attack Tactic
Impersonated Party
Attachment Type
Language
Theme
Impersonated Brand
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Attack Vault

Showing
X
results

The Attack Vault contains samples of email-based cyber attacks targeting enterprise users, including business email compromise (BEC) attacks, financial supply chain fraud, credential phishing, malware attacks, and other types of scams. The email subject and body content of these samples can be searched and the repository can be filtered based on specific characteristics using the options below.

This collection of attack samples is not meant to be a comprehensive repository of all email-based threats. Rather, the Attack Vault contains a cross-section of various types of cyber threats--each containing a unique combination of tactics, themes, and/or content--to provide a general overview of some of the more notable attacks observed in today's email threat landscape.

Hello [Target First Name], are you available to handle the Administrative Expenses (Networking & Website Hosting and Program Services) that are currently due? Let me know if you can process the payment Via Wire Transfer or check mailing today.

Regards,
[Executive First Name]

Executive Impersonation Payment Fraud BEC Attack

Subject:
"
Event/Administrative Expenses
"
Attack Date:
April 8, 2022

This text-based BEC attack impersonates an executive using display name spoofing and a free webmail account to request a fraudulent payment.

No items found.
Type:
Business Email Compromise
Theme(s):
...
Tactic(s):
...
Vector:
Text-based
Goal:
Payment Fraud
Impersonated Party:
Employee - Executive
Impersonated Brand:
Attachment Type:
Language:
See Attack Details

You Received a document on sharepoint
Ѕսbјесt: [Recipient Company Name] Payment
Fіⅼе: JF549-0149M-S496, Payment Invoice No. 49g.pdf
Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited and may be unlawful. If you are not the intended recipient, please contact the sender by reply e-mail, delete, and then destroy all copies of the original message.

SharePoint Fake Document HTML Attachment Credential Phishing Attack

Subject:
"
Ιոⅴ: 224603
"
Attack Date:
April 8, 2022

This payload-based attack impersonates SharePoint using a free webmail account, an HTML attachment, and a fake document theme to steal credentials.

No items found.
Type:
Credential Phishing
Theme(s):
...
Tactic(s):
...
Vector:
Payload-based
Goal:
Credential Theft
Impersonated Party:
Impersonated Brand:
SharePoint
Attachment Type:
HTML
Language:
See Attack Details

New secure email message from Caliber Home Loans

Open Message

To view the secure message, click Open Message.

The secure message expires on April 11, 2022 @ 06:28 PM (GMT).

Do not reply to this notification message; this message was auto-generated by the sender's security system. To reply to the sender, click Open Message.

If clicking Open Message does not work, copy and paste the link below into your Internet browser address bar.
https://brhcustom.com/File-CD465783/

Want to send and receive your secure messages transparently?
Click here to learn more.

Caliber Home Loans Secure Message Credential Phishing Attack

Subject:
"
Closing Docs: CTC/Final Buyer Statement (Wire Figures)
"
Attack Date:
April 8, 2022

This link-based attack impersonates Caliber Home Loans using email spoofing and a secure message theme to steal credentials.

No items found.
Type:
Credential Phishing
Theme(s):
...
Tactic(s):
...
Vector:
Link-based
Goal:
Credential Theft
Impersonated Party:
Impersonated Brand:
Caliber Home Loans
Attachment Type:
Language:
See Attack Details

Hi [Target First Name].

Can I get the current A/P report as soon as possible please?
Kindly prepare with an excel document and insert contact information (email and phone number) on it please.

How soon can you send it over?

Thanks
[Executive First Name].

Executive Impersonation Aging Report BEC Attack

Subject:
"
A / P report request
"
Attack Date:
April 8, 2022

This text-based BEC attack impersonates an executive using display name spoofing and a maliciously registered domain to request a copy of an aging report.

No items found.
Type:
Business Email Compromise
Theme(s):
...
Tactic(s):
...
Vector:
Text-based
Goal:
Aging Report Theft
Impersonated Party:
Employee - Executive
Impersonated Brand:
Attachment Type:
Language:
See Attack Details

Good morning,

Kindly REVIEW DOCUMENT to see Remittance info for the ACH payment


Thank you,


[Impersonated Third Party]

Adobe Fake Document Credential Phishing Attack

Subject:
"
ACH Remittance
"
Attack Date:
April 7, 2022

This link-based attack impersonates Adobe using an external compromised account and a fake document theme to steal credentials.

No items found.
Type:
Credential Phishing
Theme(s):
...
Tactic(s):
...
Vector:
Link-based
Goal:
Credential Theft
Impersonated Party:
External Party - Vendor/Supplier
Impersonated Brand:
Adobe
Attachment Type:
Language:
See Attack Details

Do not reply to this notifications message: Security system auto generate this email.

Open to Review CD

Congratulations on the final steps on closing, Attached is an updated closing statement

and other closing file needed at the closing ( FINAL CD & WIRING INSTRUCTIONS) are a

attached below for your review.

In an effort to limit the spread of Covid-19, we ask for your cooperation in keeping our employees and community safe.  
Please alert us immediately if you are feeling ill so other arrangements can be made for closing. In addition, we ask that non-essential visitors refrain from attending closings.

First American Title Fake Document Credential Phishing Attack

Subject:
"
(CLEAR TO CLOSE) DRAFT CD / Fraud Instructions and Wire Instructions - (Closing 04/08)
"
Attack Date:
April 7, 2022

This link-based attack impersonates First American Title using email spoofing and a fake document theme to steal credentials.

No items found.
Type:
Credential Phishing
Theme(s):
...
Tactic(s):
...
Vector:
Link-based
Goal:
Credential Theft
Impersonated Party:
Impersonated Brand:
First American Title
Attachment Type:
Language:
See Attack Details

Hi [Recipient Name],


I’m planning to surprise some of the employees with Easter gift for their hard work, and your confidentiality would be appreciated so as not to ruin the surprise. I want you to make a purchase quickly on my behalf. What local store do you think we have around to make this purchase? I'm considering gift cards like Visa or Amex gift cards. Since we have them almost everywhere, let me know what you suggest about this plan before purchasing.

Kind Regards,


[Impersonated Executive Name]
[Impersonated Executive Title]
[Impersonated Executive Company]


Sent from my mobile device

Executive Impersonation Holiday Gift Gift Card BEC Attack

Subject:
"
Response
"
Attack Date:
April 6, 2022

This text-based BEC attack impersonates an executive using display name spoofing, a free webmail account, and a holiday gift theme to request the purchase of gift cards.

No items found.
Type:
Business Email Compromise
Theme(s):
...
Tactic(s):
...
Vector:
Text-based
Goal:
Gift Card Request
Impersonated Party:
Employee - Executive
Impersonated Brand:
Attachment Type:
Language:
See Attack Details

[Recipient Name],

Please can you handle this today? Payment has to be made via ACH.

---------- Forwarded message ---------
From: [Third Party Employee Name] <[Third Party Email Address]>
Date: Fri, April 01, 2022 at 04:11 PM
Subject: Invoice 001691134
To: [Impersonated Executive Name]

A new invoice 001691134 has been generated and is attached for your
review and payment. Please make payment via ACH, and the Bank information is on the invoice.
If you are experiencing issues viewing the attached pdf via a mobile
device, please use your standard mail client or webmail.
Thank you,
[Third Party Company Name]

Please do not reply to this email as this is a non-monitored account.
For assistance, don't hesitate to get in touch with [Third Party Employee Name] , President, via email at [Third Party Email Address].

Executive Impersonation Payment Fraud BEC Attack

Subject:
"
Invoice 001691134
"
Attack Date:
April 6, 2022

This text-based BEC attack impersonates an executive using a fake email chain, display name spoofing, and a maliciously registered domain to request a fraudulent payment.

No items found.
Type:
Business Email Compromise
Theme(s):
...
Tactic(s):
...
Vector:
Text-based
Goal:
Payment Fraud
Impersonated Party:
Employee - Executive
Impersonated Brand:
Attachment Type:
Language:
See Attack Details

Hey!

Let me be direct, I know the fact you like to see [P]ORN0GRAPH[Y] content on yours smart-phone , and I reecorded you while you MASTURRBATE. Your smart phone got a vlrus and give me access to turn on your phone camera in hidden mode , and I also extracted all your phone list, social media lists, email contacts so I can get a benefit.

So, if you don`t send me 800$ value in [B]IT[C]0IN the video with u doing, you know what, will be sent to all your contacts. U can search on Google for Pax ful to get the coins and use the next address to send them.

The amount(approximately): 0.017

The Address Part 1: 14jW8kT1XHZ2vhCZrqd

The Address Part 2: 5GCZEt2ATi74QpP

Now, you have to copy and paste manually Part1 and Part2 and the string result of 34 characters with no space between parts that start with "1" and end with "P" is in fact the final address which in Case Sensitive where the bribery must to be sent. I give you a few days!

Oh, BTW, to remove my sneaky stuff from your device search for this, how to restore to factory settings [your phone model] and follow the steps. As well... you may want to quit this addiction, not good for health.

Fake Malware Infection Extortion Attack

Subject:
"
Verrry important
"
Attack Date:
April 6, 2022

This text-based extortion attack uses a fake malware infection theme to demand a payment.

No items found.
Type:
Extortion
Theme(s):
...
Tactic(s):
...
Vector:
Text-based
Goal:
Extortion
Impersonated Party:
Impersonated Brand:
Attachment Type:
Language:
See Attack Details

Hello [Recipient Name]

Do you have a moment? I am tied up in a conference call meeting and
there is something i need you to take care of requiring swift action.
Kindly reply with your WhatsApp Number

Executive Impersonation Gift Card BEC Attack

Subject:
"
AVAILABLE?
"
Attack Date:
April 5, 2022

This text-based BEC attack impersonates an executive using a WhatsApp number request, display name spoofing, and a free webmail account to request the purchase of gift cards.

No items found.
Type:
Business Email Compromise
Theme(s):
...
Tactic(s):
...
Vector:
Text-based
Goal:
Gift Card Request
Impersonated Party:
Employee - Executive
Impersonated Brand:
Attachment Type:
Language:
See Attack Details

Whoops.. There are no results found.