Filters
Reset
Attack Type
Attack Vector
Attack Goal
Attack Tactic
Impersonated Party
Attachment Type
Language
Theme
Impersonated Brand
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Attack Vault

Showing
X
results

The Attack Vault contains samples of email-based cyber attacks targeting enterprise users, including business email compromise (BEC) attacks, financial supply chain fraud, credential phishing, malware attacks, and other types of scams. The email subject and body content of these samples can be searched and the repository can be filtered based on specific characteristics using the options below.

This collection of attack samples is not meant to be a comprehensive repository of all email-based threats. Rather, the Attack Vault contains a cross-section of various types of cyber threats--each containing a unique combination of tactics, themes, and/or content--to provide a general overview of some of the more notable attacks observed in today's email threat landscape.

[Recipient Company Name Header]

[Recipient Email Address]

[Recipient Name] has shared a secured document with you using

Adobe Creative Cloud Service.
Open PO-22993.pdf


Respectfully,

[Signature)

Adobe Fake Document Credential Phishing Attack

Subject:
"
PO-22993
"
Attack Date:
April 4, 2022

This link-based attack impersonates Adobe using email spoofing and a fake document theme to steal credentials.

No items found.
Type:
Credential Phishing
Theme(s):
...
Tactic(s):
...
Vector:
Link-based
Goal:
Credential Theft
Impersonated Party:
Impersonated Brand:
Adobe
Attachment Type:
Language:
See Attack Details

[Target First Name],        

I need you to email me the aging report from A/R (Due within the next 30 days and a month overdue), and also include the customer payable contact email on this report.

Regards,

[Executive Name].

Executive Impersonation Aging Report BEC Attack

Subject:
"
Aging Report
"
Attack Date:
April 4, 2022

This text-based BEC attack impersonates an executive using display name spoofing and a maliciously registered domain to request a copy of an aging report.

No items found.
Type:
Business Email Compromise
Theme(s):
...
Tactic(s):
...
Vector:
Text-based
Goal:
Aging Report Theft
Impersonated Party:
Employee - Executive
Impersonated Brand:
Attachment Type:
Language:
See Attack Details

Hello [Recipient Name]

Kindly re-confirm your cell #, I need to know if you are available at the moment, I have an assignment to complete in a presentation.

Thanks.

Executive Impersonation Gift Card BEC Attack

Subject:
"
ON DESK
"
Attack Date:
April 1, 2022

This text-based BEC attack impersonates an executive using a cell phone request, display name spoofing, and a free webmail account to request the purchase of gift cards.

No items found.
Type:
Business Email Compromise
Theme(s):
...
Tactic(s):
...
Vector:
Text-based
Goal:
Gift Card Request
Impersonated Party:
Employee - Executive
Impersonated Brand:
Attachment Type:
Language:
See Attack Details

Dear [Recipient Username]


York University has issued payment of $1348.71  in settlement of the item(s) listed in the attached remittance advice. The amount will be deposited into your bank account within two business days.    


Disclaimer Notice:

This email and any attachments may contain confidential and privileged information.  If you are not the intended recipient, please notify the sender immediately by return email, delete this email, and destroy any

copies.  Any dissemination or use of this information by a person other than the intended recipient is unauthorized and may be illegal.

*************************************************************************

Avertissement:

Ce courriel, ainsi que toutes les pièces jointes, peuvent contenir des informations confidentielles et privilégiées.  Si vous n'êtes pas le destinataire voulu, veuillez en informer l'expéditeur immédiatement en

lui retournant le courriel, et détruisez le ainsi que toutes les copies. La diffusion ou l'utilisation de cette information par une personne autre que le destinataire voulu est non autorisée et peut être illégale.

Fake Invoice HTML Attachment Credential Phishing Attack

Subject:
"
Payment Advice Notification
"
Attack Date:
March 31, 2022

This payload-based attack impersonates an external third party using an HTML attachment and fake invoice theme to steal credentials.

No items found.
Type:
Credential Phishing
Theme(s):
...
Tactic(s):
...
Vector:
Payload-based
Goal:
Credential Theft
Impersonated Party:
External Party - Other
Impersonated Brand:
Attachment Type:
HTML
Language:
See Attack Details

We have issues with your shipment address

Reason: Your shipping address has an error.
It may be caused by different formats that are used in e-shops.

Shipment Details
Email : [email address]
Status: Needs customer's verification
Tracking Number: 1Z0905238580532086
Number of Packages: 1
Scheduled Delivery Date: March, 31 2022
Weight: 2.5 LBS
Please check the document, fill in the form and send it back.


DOCUMENT DOWNLOAD LINK

Fake Shipping Notification Link-based Malware Attack

Subject:
"
Attention: UPS Shipping Notification
"
Attack Date:
March 31, 2022

This link-based attack impersonates a brand using an external compromised account and a fake shipping notification theme to deliver malware.

No items found.
Type:
Malware
Theme(s):
...
Tactic(s):
...
Vector:
Link-based
Goal:
Malware Delivery
Impersonated Party:
Impersonated Brand:
UPS
Attachment Type:
Language:
See Attack Details

Greetings!
Have you seen lately my e-mail to you from an account of yours?
Yeah, that merely confirms that I have gained a complete access to device of yours.

Within the past several months, I was observing you.
Are you still surprised how could that happen? Frankly speaking, malware has infected your devices and it's coming from an adult website, which you used to visit.
Although all this stuff may seem unfamiliar to you, but let me try to explain that to you.

With aid of Trojan Viruses, I managed to gain full access to any PC or other types of devices.
That merely means that I can watch you whenever I want via your screen just by activating your camera as well as microphone, while you don't even know about that.
Moreover, I have also received access to entire contacts list as well as full correspondence of yours.

You may be wondering, "However, my PC is protected by a legitimate antivirus, so how could that happen? Why couldn't I get any alerts?"
To be honest, the reply is quite straightforward: malware of mine utilizes drivers, which update the signatures on 4-hourly basis,
which turns them to become untraceable, and hereby making your antivirus remain idle.

I have collected a video on the left screen where you enjoy wanking, while the video on the right screen shows the video you were watching at that point of time.
Still puzzled how much damage could that cause? One mouse click is enough for me to share this video to your social networks, as well as e-mail contacts of yours.
In addition, I am also able to gain access to all e-mail correspondence as well as messengers used by you.

Below are simple steps required for you to undertake in order to avoid that from occurring - transfer $1450 in Bitcoin equivalent to my wallet
(if you don't know how to complete that, just open your browser and make a google search: "Buy Bitcoin").

My bitcoin wallet address (BTC Wallet) is: 1Chh8EcWosTHo7LyVhkoDsyhVBmGDPnqNo

Once the payment has been confirmed, I shall remove the video without delay, and that is end of story - afterwards you won't hear about me again for sure.
The time for you to perform the transaction is 2 days (48 hours).
After this e-mail is opened by you, I will get an automatic notice, which will start my timer.

Any effort to complain will not change anything at all, because this e-mail is simply untraceable, just like my bitcoin address.
I have been developing these plans for quite an extended period of time; so, don't expect any mistake from my side.

If, get to know that you tried to send this message to anyone else, I will distribute your video as described earlier.

Fake Malware Infection Extortion Attack

Subject:
"
Pending for a payment.
"
Attack Date:
March 30, 2022

This text-based extortion attack uses a fake malware infection theme to demand a payment.

No items found.
Type:
Extortion
Theme(s):
...
Tactic(s):
...
Vector:
Text-based
Goal:
Extortion
Impersonated Party:
Impersonated Brand:
Attachment Type:
Language:
See Attack Details

DEAR CUST0MER,

Y0UR SUBSCRIPTI0N WITH MCAFEE HAS BEEN RENEWED T0DAY. AM0UNT HAS BEEN DIRECTLY DEBITED
FR0M Y0UR BANK ACC0UNT AND IT WILL REFLECT IN Y0UR ACC0UNT STATEMENT WITHIN 24-48 H0URS.
IF Y0U ARE HAPPY WITH MCAFEE SERVICES. D0N'T F0RGET T0 GIVE A FEEDBACK.

PR0DUCT DESCRIPTI0N:
MCAFEE® T0TAL PR0TECTI0N
QUANTITY: 1
TENURE: 1 YEAR

INV0ICE ID: LP0/452136985
PAYMENT METH0D: DIRECT DEBIT
RENEWAL AM0UNT: $299.99

IF Y0U D0 N0T WISH T0 RENEW THE SUBSCRIPTI0N PLEASE C0NTACT 0UR CANCELLATION DEPARTMENT
IMMEDIATELY AND GET BACK Y0UR REFUND @ +1-806-531-6922

TERMS AND CONDITIONS:
THE PAYMENT HAS BEEN CLEARED AND WILL APPEAR IN THE ACC0UNTS STATEMENT WITHIN 24-48 H0URS.
Y0U ARE RECEIVING THIS N0TICE BECAUSE Y0U ARE ENR0LLED WITH MCAFEE® T0TAL PR0TECTION & Y0UR
SUBSCRIPTI0N HAS BEEN AUT0-RENEWED. H0WEVER, IF Y0U D0 N0T WISH T0 C0NTINUE WITH THE SERVICE
0R WANT A REFUND 0F THIS AM0UNT. KINDLY C0NTACT 0UR HELPLINE NUMBER +1-806-531-6922


IF Y0U PURCHASED 0R RENEWED Y0UR PR0TECTI0N DIRECTLY FR0M A MCAFEE PARTNER, Y0UR CHANGE WILL
N0T BE F0RWARDED T0 THAT PARTNER. C0NTACT THEM DIRECTLY T0 UPDATE THEIR REC0RDS.
© 2022 MCAFEE INC. ALL RIGHTS RESERVED. MCAFEE, THE MCAFEE L0G0, THE CHECKMARK L0G0, MCAFEEN,
AND THE L0CKMAN L0G0 ARE TRADEMARKS 0R REGISTERED TRADEMARKS 0F MCAFEE INC. 0R ITS AFFILIATES
IN THE UNITED STATES AND 0THER C0UNTRIES. MCAFEE INC., 60 E RI0 SALAD0 PKWY STE 1000, TEMPE,
AZ 85281 ASIA PACIFIC PTE LTD, 6, TEMASEK BLVD, #12-01, SINGAP0RE 038986, SINGAP0RE. MCAFEE LIMITED,
BALLYC00LIN BUSINESS PARK, BLANCHARDST0WN, DUBLIN 15 IRELAND EMAIL IDENTIFIER: C0LP_CHANGE_ACC_MKT_0PT_IN

McAfee Subscription Renewal Fake Billing Scam

Subject:
"
INV0ICEID: LP0/452136985
"
Attack Date:
March 30, 2022

This text-based fake billing scam impersonates McAfee using a subscription renewal theme.

No items found.
Type:
Fake Billing Scam
Theme(s):
...
Tactic(s):
...
Vector:
Text-based
Goal:
Impersonated Party:
Impersonated Brand:
McAfee
Attachment Type:
Language:
See Attack Details

I need you to send me list of all unpaid vendor invoices or Aged Creditors Summary.

Thank you

[Impersonated Employee Name]

[Impersonated Employee Title]

[Impersonated Employee Company]

Employee Impersonation Aging Report BEC Attack

Subject:
"
Aged Creditors
"
Attack Date:
March 28, 2022

This text-based BEC attack impersonates an employee using display name spoofing and a maliciously registered domain to request a copy of an aging report.

No items found.
Type:
Business Email Compromise
Theme(s):
...
Tactic(s):
...
Vector:
Text-based
Goal:
Aging Report Theft
Impersonated Party:
Employee - Other
Impersonated Brand:
Attachment Type:
Language:
See Attack Details

The details of the payment are attached.

In case the zip file attachment is encrypted, the password is: "ZXCVGYUJMKIUJMN"

2243848480174307456285844102454191036249820820043050821407628038228248024090549941101163607899475155

jobId: sb_120923_bs

Fake Payment Receipt ZIP Attachment Malware Attack

Subject:
"
You have received a new debit (sb_120923_bs)
"
Attack Date:
March 22, 2022

This payload-based attack uses a ZIP archive attachment and a fake payment receipt theme to deliver malware.

No items found.
Type:
Malware
Theme(s):
...
Tactic(s):
...
Vector:
Payload-based
Goal:
Malware Delivery
Impersonated Party:
Impersonated Brand:
Attachment Type:
ZIP
Language:
See Attack Details

IMPORTANT NOTICE:

We are required to send you this notice to inform you that you have unpaid taxes.

Please reply back so we can send you a statement and to resolve your tax account.


This email was sent by: Internal Revenue Service (IRS) · Internal Revenue Service · 1111 Constitution Ave. N.W. · Washington DC 20535

IRS Overdue Payment BEC Attack

Subject:
"
Balance Due Reminder Notice
"
Attack Date:
March 22, 2022

This text-based BEC attack impersonates the IRS using a look-alike domain and an overdue payment theme to request a fraudulent payment.

No items found.
Type:
Business Email Compromise
Theme(s):
...
Tactic(s):
...
Vector:
Text-based
Goal:
Payment Fraud
Impersonated Party:
External Party - Other
Impersonated Brand:
IRS
Attachment Type:
Language:
See Attack Details

Whoops.. There are no results found.