Attack Vault
The Attack Vault contains samples of email-based cyber attacks targeting enterprise users, including business email compromise (BEC) attacks, financial supply chain fraud, credential phishing, malware attacks, and other types of scams.
This collection of attack samples is not meant to be a comprehensive repository of all email-based threats. Rather, the Attack Vault contains a cross-section of various types of cyber threats--each containing a unique combination of tactics, themes, and/or content--to provide a general overview of some of the more notable attacks observed in today's email threat landscape.
Hello [Target First Name], are you available to handle the Administrative Expenses (Networking & Website Hosting and Program Services) that are currently due? Let me know if you can process the payment Via Wire Transfer or check mailing today.
Regards,
[Executive First Name]
Executive Impersonation Payment Fraud BEC Attack
This text-based BEC attack impersonates an executive using display name spoofing and a free webmail account to request a fraudulent payment.
You Received a document on sharepoint
Ѕսbјесt: [Recipient Company Name] Payment
Fіⅼе: JF549-0149M-S496, Payment Invoice No. 49g.pdf
Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited and may be unlawful. If you are not the intended recipient, please contact the sender by reply e-mail, delete, and then destroy all copies of the original message.
SharePoint Fake Document HTML Attachment Credential Phishing Attack
This payload-based attack impersonates SharePoint using a free webmail account, an HTML attachment, and a fake document theme to steal credentials.
New secure email message from Caliber Home Loans
Open Message
To view the secure message, click Open Message.
The secure message expires on April 11, 2022 @ 06:28 PM (GMT).
Do not reply to this notification message; this message was auto-generated by the sender's security system. To reply to the sender, click Open Message.
If clicking Open Message does not work, copy and paste the link below into your Internet browser address bar.
https://brhcustom.com/File-CD465783/
Want to send and receive your secure messages transparently?
Click here to learn more.
Caliber Home Loans Secure Message Credential Phishing Attack
This link-based attack impersonates Caliber Home Loans using email spoofing and a secure message theme to steal credentials.
Hi [Target First Name].
Can I get the current A/P report as soon as possible please?
Kindly prepare with an excel document and insert contact information (email and phone number) on it please.
How soon can you send it over?
Thanks
[Executive First Name].
Executive Impersonation Aging Report BEC Attack
This text-based BEC attack impersonates an executive using display name spoofing and a maliciously registered domain to request a copy of an aging report.
Good morning,
Kindly REVIEW DOCUMENT to see Remittance info for the ACH payment
Thank you,
[Impersonated Third Party]
Adobe Fake Document Credential Phishing Attack
This link-based attack impersonates Adobe using an external compromised account and a fake document theme to steal credentials.
Do not reply to this notifications message: Security system auto generate this email.
Open to Review CD
Congratulations on the final steps on closing, Attached is an updated closing statement
and other closing file needed at the closing ( FINAL CD & WIRING INSTRUCTIONS) are a
attached below for your review.
In an effort to limit the spread of Covid-19, we ask for your cooperation in keeping our employees and community safe.
Please alert us immediately if you are feeling ill so other arrangements can be made for closing. In addition, we ask that non-essential visitors refrain from attending closings.
First American Title Fake Document Credential Phishing Attack
This link-based attack impersonates First American Title using email spoofing and a fake document theme to steal credentials.
Hi [Recipient Name],
I’m planning to surprise some of the employees with Easter gift for their hard work, and your confidentiality would be appreciated so as not to ruin the surprise. I want you to make a purchase quickly on my behalf. What local store do you think we have around to make this purchase? I'm considering gift cards like Visa or Amex gift cards. Since we have them almost everywhere, let me know what you suggest about this plan before purchasing.
Kind Regards,
[Impersonated Executive Name]
[Impersonated Executive Title]
[Impersonated Executive Company]
Sent from my mobile device
Executive Impersonation Holiday Gift Gift Card BEC Attack
This text-based BEC attack impersonates an executive using display name spoofing, a free webmail account, and a holiday gift theme to request the purchase of gift cards.
[Recipient Name],
Please can you handle this today? Payment has to be made via ACH.
---------- Forwarded message ---------
From: [Third Party Employee Name] <[Third Party Email Address]>
Date: Fri, April 01, 2022 at 04:11 PM
Subject: Invoice 001691134
To: [Impersonated Executive Name]
A new invoice 001691134 has been generated and is attached for your
review and payment. Please make payment via ACH, and the Bank information is on the invoice.
If you are experiencing issues viewing the attached pdf via a mobile
device, please use your standard mail client or webmail.
Thank you,
[Third Party Company Name]
Please do not reply to this email as this is a non-monitored account.
For assistance, don't hesitate to get in touch with [Third Party Employee Name] , President, via email at [Third Party Email Address].
Executive Impersonation Payment Fraud BEC Attack
This text-based BEC attack impersonates an executive using a fake email chain, display name spoofing, and a maliciously registered domain to request a fraudulent payment.
Hey!
Let me be direct, I know the fact you like to see [P]ORN0GRAPH[Y] content on yours smart-phone , and I reecorded you while you MASTURRBATE. Your smart phone got a vlrus and give me access to turn on your phone camera in hidden mode , and I also extracted all your phone list, social media lists, email contacts so I can get a benefit.
So, if you don`t send me 800$ value in [B]IT[C]0IN the video with u doing, you know what, will be sent to all your contacts. U can search on Google for Pax ful to get the coins and use the next address to send them.
The amount(approximately): 0.017
The Address Part 1: 14jW8kT1XHZ2vhCZrqd
The Address Part 2: 5GCZEt2ATi74QpP
Now, you have to copy and paste manually Part1 and Part2 and the string result of 34 characters with no space between parts that start with "1" and end with "P" is in fact the final address which in Case Sensitive where the bribery must to be sent. I give you a few days!
Oh, BTW, to remove my sneaky stuff from your device search for this, how to restore to factory settings [your phone model] and follow the steps. As well... you may want to quit this addiction, not good for health.
Fake Malware Infection Extortion Attack
This text-based extortion attack uses a fake malware infection theme to demand a payment.
Hello [Recipient Name]
Do you have a moment? I am tied up in a conference call meeting and
there is something i need you to take care of requiring swift action.
Kindly reply with your WhatsApp Number
Executive Impersonation Gift Card BEC Attack
This text-based BEC attack impersonates an executive using a WhatsApp number request, display name spoofing, and a free webmail account to request the purchase of gift cards.