Filters
Reset
Attack Type
Attack Vector
Attack Goal
Attack Tactic
Impersonated Party
Attachment Type
Language
Theme
Impersonated Brand
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Attack Vault

Showing
X
results

The Attack Vault contains samples of email-based cyber attacks targeting enterprise users, including business email compromise (BEC) attacks, financial supply chain fraud, credential phishing, malware attacks, and other types of scams. The email subject and body content of these samples can be searched and the repository can be filtered based on specific characteristics using the options below.

This collection of attack samples is not meant to be a comprehensive repository of all email-based threats. Rather, the Attack Vault contains a cross-section of various types of cyber threats--each containing a unique combination of tactics, themes, and/or content--to provide a general overview of some of the more notable attacks observed in today's email threat landscape.

Do you have a moment I have a request I need you to handle discreetly. I'm having a meeting now, no calls so just reply my email.


[Executive Name]
[Executive Title]
Sent from my Mail for Samsung

Executive Impersonation Gift Card BEC Attack

Subject:
"
[RECIPIENT NAME]
"
Attack Date:
March 22, 2022

This text-based BEC attack impersonates an executive using a personalized email subject, display name spoofing, and a free webmail account to request the purchase of gift cards.

No items found.
Type:
Business Email Compromise
Theme(s):
...
Tactic(s):
...
Vector:
Text-based
Goal:
Gift Card Request
Impersonated Party:
Employee - Executive
Impersonated Brand:
Attachment Type:
Language:
See Attack Details

Dear Customer,

We have tried to work with you but you are not cooperating with us. Then, unfortunately, we have forwarded your case file to the legal department of FDCP. We already updated the legal department to file the Court petition in the Courthouse. Once the Court Summons will be signed by the court clerk we will update you one copy at your postal address along with one copy at following places:

1. Nearest Police Station

2. At your Employer

3. Internal Revenue Services

4. Federal Bureau for Credit

5. Bank with which you have accounts.

Note: If you want to avoid all these unnecessary steps then you have to get back to us with the payment. Now kindly get back to us so that we can send you the payment instruction.

Thank You.

External Third Party Overdue Payment Legal Matter BEC Attack

Subject:
"
Civil Case File #291786
"
Attack Date:
March 21, 2022

This text-based BEC attack impersonates an external third party using a maliciously registered domain, an overdue payment theme, and a legal matter theme to request a fraudulent payment.

No items found.
Type:
Business Email Compromise
Theme(s):
...
Tactic(s):
...
Vector:
Text-based
Goal:
Payment Fraud
Impersonated Party:
External Party - Other
Impersonated Brand:
Attachment Type:
Language:
See Attack Details

We hired a private consultant and we would like to do a one time payment to him. Could you please confirm if an international wire payment can be processed to the consultant today? Let me know if this is possible so i can give details.

Regards,

[Impersonated Executive First Name]

Executive Impersonation New Vendor Payment Fraud BEC Attack

Subject:
"
Consultancy fee
"
Attack Date:
March 21, 2022

This text-based BEC attack impersonates an executive using display name spoofing, a free webmail account, and a new vendor theme to request a fraudulent payment.

No items found.
Type:
Business Email Compromise
Theme(s):
...
Tactic(s):
...
Vector:
Text-based
Goal:
Payment Fraud
Impersonated Party:
Employee - Executive
Impersonated Brand:
Attachment Type:
Language:
See Attack Details

.

Expired Account HTML Attachment Credential Phishing Attack

Subject:
"
[Full Name] will be removed from server , validate attached activation
"
Attack Date:
March 12, 2022

This payload-based attack uses an HTML attachment, an external compromised account, and an an expired account theme to steal credentials.

No items found.
Type:
Credential Phishing
Theme(s):
...
Tactic(s):
...
Vector:
Payload-based
Goal:
Credential Theft
Impersonated Party:
Impersonated Brand:
Attachment Type:
HTML
Language:
See Attack Details

Guten Morgen

Was ist unser Kontostand,

Können wir heute 27,000€ zahlen?

Grüße

[Executive Name]

Executive Impersonation Payment Fraud BEC Attack

Subject:
"
Zahlung
"
Attack Date:
March 10, 2022

This text-based BEC attack impersonates an executive using display name spoofing and a maliciously registered domain to request a fraudulent payment.

No items found.
Type:
Business Email Compromise
Theme(s):
...
Tactic(s):
...
Vector:
Text-based
Goal:
Payment Fraud
Impersonated Party:
Employee - Executive
Impersonated Brand:
Attachment Type:
Language:
See Attack Details

Hi [Recipient First Name],

I am thinking of implementing an Employee Incentive Program to show our employees we care about them. I would like to surprise them and put a smile on their faces today. Can we purchase some cards (Walmart/Target) from the store?  

Reply and let me know how soon you can get this done and which of the cards you can easily buy at the store. Keep this surprise package confidential until we give it out to them.


Thanks,

Sent from my iPhone

Executive Impersonation Employee Incentive Gift Card BEC Attack

Subject:
"
New Incentive Program
"
Attack Date:
March 10, 2022

This text-based BEC attack impersonates an executive using display name spoofing, a free webmail account, and an employee incentive theme to request the purchase of gift cards.

No items found.
Type:
Business Email Compromise
Theme(s):
...
Tactic(s):
...
Vector:
Text-based
Goal:
Gift Card Request
Impersonated Party:
Employee - Executive
Impersonated Brand:
Attachment Type:
Language:
See Attack Details

Dear - [Recipient Name]
24/7 Support Team +1 (888) 844-2906 We would like to inform you about your recent purchase of $649.00. This charge will reflect in your account within 24 hours.
ITEMS

Product ID

Qty

Sub Total
You sent a Payment to Coinbase Global, Inc.

# z11W-2aEt-nJD1-JRL112318

0.0098

$600.00

Subtotal


Buy Exchange Rate 1 BTC =

$43,652.35

Tax

$49.00

Grand Total

$649.00
Delivery Informatin
Invoice # z11W-2aEt-nJD1-JRL112318

3/9/2022
Email Delivery [Recipient Email Address]

Payment method: Paypal Credit
This transaction may appear in your statement as PAYPAL COINBASE within 24 hours. If in case you did not make this payment, please call our 24/7 support at +1 (888) 844-2906(Toll free) to cancel. For cancellation or to make any changes or for any other issues contact the above-mentioned support number.

PayPal Cryptocurrency Fake Billing Scam

Subject:
"
Crypto_Purchase_Invoice
"
Attack Date:
March 9, 2022

This text-based fake billing scam impersonates PayPal using a cryptocurrency theme and a fake payment receipt theme.

No items found.
Type:
Fake Billing Scam
Theme(s):
...
Tactic(s):
...
Vector:
Text-based
Goal:
Impersonated Party:
Impersonated Brand:
PayPal
Attachment Type:
Language:
See Attack Details

Hi [Recipient Name],

This is to notify you that am having issues with my current bank
account on file, I want to update my new bank account details before
payroll is process.

What details do you need?

Sincerely ,

[Impersonated Employee Name]
[Impersonated Employee Title]

Employee Impersonation Payroll Diversion BEC Attack

Subject:
"
"
Attack Date:
March 8, 2022

This text-based BEC attack impersonates an employee using display name spoofing and a free webmail account to divert payroll deposits to a fraudulent account.

No items found.
Type:
Business Email Compromise
Theme(s):
...
Tactic(s):
...
Vector:
Text-based
Goal:
Payroll Diversion
Impersonated Party:
Employee - Other
Impersonated Brand:
Attachment Type:
Language:
See Attack Details

Transaction     ID:9485BNLK36025

Hello ,

You sent a payment of $799.99 to Coinbase Inc.


It may take a few moments for this transaction to appear in your account

Merchant  

Coinbase Inc

              Instructions to merchant
              You haven't entered any instructions.


Description

Unit price

Qty

Amount

Order ID - 80570000022130051125

$799.99

1

$799.99

Subtotal

$799.99 USD

Total

$799.99 USD


Payment

$799.99 USD

Charge will appear on your credit card statement as 'PAYPAL *Coinbase Inc*'
Payment sent to Coinbase Inc


Invoice ID: 80570000022130051125


Issues with this transaction?
You have 10 days from the date of the transaction to open a dispute in the Resolution Centre.

For More Information Call us:- +1(707) 509-3505


Please do not reply to this email. This mailbox is not monitored and you will not receive a response. For assistance, log in to your PayPal account and click Help in the top right corner of any PayPal page or please contact us toll free at +1-707-509-3505


PayPal Cryptocurrency Fake Billing Scam

Subject:
"
Invoice of payment to Coinbase Inc.
"
Attack Date:
March 2, 2022

This text-based fake billing scam impersonates PayPal using a cryptocurrency theme and a fake payment receipt theme.

No items found.
Type:
Fake Billing Scam
Theme(s):
...
Tactic(s):
...
Vector:
Text-based
Goal:
Impersonated Party:
Impersonated Brand:
PayPal
Attachment Type:
Language:
See Attack Details

Dear,

See below, names of suspected cases of COVID-19 infected persons.

As part of precaution measures please see the list of people who have been infected below and to warn you to stay isolated from them.

Open list below in pdf


OPEN IN MICROSOFT PDF CLOUD FILE


MICROSOFT PDF CLOUD FILE

Microsoft COVID-19 Credential Phishing Attack

Subject:
"
Suspected cases of COVID-19 infected persons.
"
Attack Date:
February 24, 2022

This link-based attack uses a free webmail account and a COVID-19 theme to steal credentials.

No items found.
Type:
Credential Phishing
Theme(s):
...
Tactic(s):
...
Vector:
Link-based
Goal:
Credential Theft
Impersonated Party:
Impersonated Brand:
Microsoft
Attachment Type:
Language:
See Attack Details

Whoops.. There are no results found.