Attack Vault
The Attack Vault contains samples of email-based cyber attacks targeting enterprise users, including business email compromise (BEC) attacks, financial supply chain fraud, credential phishing, malware attacks, and other types of scams. The email subject and body content of these samples can be searched and the repository can be filtered based on specific characteristics using the options below.
This collection of attack samples is not meant to be a comprehensive repository of all email-based threats. Rather, the Attack Vault contains a cross-section of various types of cyber threats--each containing a unique combination of tactics, themes, and/or content--to provide a general overview of some of the more notable attacks observed in today's email threat landscape.
Hi [Recipient First Name],
We are currently on an audit process and as a result of this, we are having delays with accounts reconciliations on all aging receivables.
Could you advise if we can expect payments this week on due invoices? Would appreciate you look into this and feed me back?
I’m happy to answer any questions you might have.
Have a great day!
Thank you,
[Vendor Employee Name]
[Vendor Employee Title]
Vendor Impersonation Payment Inquiry BEC Attack
This text-based BEC attack impersonates a vendor/supplier using a look-alike domain and a payment inquiry theme to request a fraudulent payment.
Hi [Recipient First Name],
Can you set up a faster payment for the overdue attached invoice?
It needs to be paid immediately.
Kindly Advise.
Thanks.
[Executive Name]
[Executive Title]
Executive Impersonation Overdue Payment Payment Fraud BEC Attack
This text-based BEC attack impersonates an executive using a spoofed display name, a free webmail account, and an overdue payment theme to request a fraudulent payment.
Hei [Recipient First Name],
Oletko käytettävissä juuri nyt? Minulla on tänään pari kokousta koko
päivän, ja sinun on suoritettava minulle henkilökohtaisesti tehtävä
mahdollisimman pian. Joten olisin kiitollinen nopeasta
sähköpostivastauksesta.
Parhain terveisin,
[Executive First Name].
Lähetetty iPhonestani
Finnish Executive Impersonation Gift Card Request BEC Attack
This text-based Finnish-language BEC attack impersonates an executive using a personalized email subject, an external compromised account, and a spoofed display name to request the purchase of gift cards.
Hast du eine Minute ?
Ich brauche Sie, um eine Aufgabe für mich zu erledigen, wenn Sie verfügbar sind.
Gesendet von einem drahtlosen 5G-Gerät
German Executive Impersonation Gift Card Request BEC Attack
This text-based German-language BEC attack impersonates an executive using a spoofed display name and a free webmail account to request the purchase of gift cards.
[Recipient First Name],
I need your help to resolve an urgent matter by the close of business today.
Please let me know your available time slots for a conference call later today and the number to reach you at.
Thanks,
[Executive First Name]
Sent from my iPhone
Executive Impersonation Payment Fraud BEC Attack
This text-based BEC attack impersonates an executive using a spoofed email address and a maliciously registered domain to request a fraudulent payment.
Hey [Recipient First Name],
I am reaching out for the Aging Report Spreadsheet from your department to review all debtors. Once you find these, Please kindly send them as soon as possible . I need your prompt assistance on this.
I am looking forward to hearing from you soon.
Thanks.
[Executive Name]
Sent from my T-Mobile 4G LTE Device
Executive Impersonation Aging Report Theft BEC Attack
This text-based BEC attack impersonates an executive using a spoofed email address, a personalized email subject, and a maliciously registered domain to request a copy of an aging report.
Bill to
Walmart customer
Invoice #
$899.69
Payment terms
Debit/credit
Amount due
$899.69
Issue date
June 23 2022
If you don’t recognize this order, please call immediately at +1- 801-363-0143.
Description
Product/service-name
iPhone 13 pro max 1tb
Amount
$899.69
Thank you for making your purchase from Walmart.
Your order id is XL667788.
Subtotal $899.69
Tax
misc.
Amount due $899.69
Note: This is an Auto-generated message please call us for any query or to cancel this order.
Customer Support: +1- 801-363-0143.
Walmart Fake Payment Receipt Fake Billing Scam
This text-based fake billing scam impersonates Walmart using an external compromised account and a fake payment receipt theme.
Are you available? Please confirm if an international wire payment can be processed to a consultant today. Let me know when you get this so i can provide details.
Best Regards,
[Executive First Name]
Executive Impersonation New Vendor Payment Fraud BEC Attack
This text-based BEC attack impersonates an executive using a free webmail account, a spoofed display name, and a new vendor theme to request a fraudulent payment.
Charged Payment For Order
Hi [Recipient First Name]
Your order has been fulfilled. Please contact our customer service department at the phone shown below.
Information Support
1 808 698 0408
Information on Order
Registered Email - [Recipient Email Address]
Transaction Number - 5034327
Order Number - iiHv-pIkDcb-EexVn
Product
SOLANA
Unit Price
801.5
Quantity
x1
Total Price
801.5
Total Invoice Paid $801.5
Your order will be shipped out within 24 hours after receiving your payment confirmation. You may choose to cancel the order at any time before we ship out. Please call us immediately if you wish to cancel the order.
We're available 24/7 1 808 698 0408
PayPal Fake Payment Receipt Fake Billing Scam
This text-based fake billing scam impersonates PayPal using a personalized email subject, a free webmail account, and a fake payment receipt theme.
Can you overnight a check today?
[Executive First Name]
Executive Impersonation Payment Fraud BEC Attack
This text-based BEC attack impersonates an executive using a maliciously registered domain and a spoofed display name to request a fraudulent payment.
