Attack Vault
The Attack Vault contains samples of email-based cyber attacks targeting enterprise users, including business email compromise (BEC) attacks, financial supply chain fraud, credential phishing, malware attacks, and other types of scams. The email subject and body content of these samples can be searched and the repository can be filtered based on specific characteristics using the options below.
This collection of attack samples is not meant to be a comprehensive repository of all email-based threats. Rather, the Attack Vault contains a cross-section of various types of cyber threats--each containing a unique combination of tactics, themes, and/or content--to provide a general overview of some of the more notable attacks observed in today's email threat landscape.
Do you have a moment I have a request I need you to handle discreetly. I'm having a meeting now, no calls so just reply my email.
[Executive Name]
[Executive Title]
Sent from my Mail for Samsung
Executive Impersonation Gift Card BEC Attack
This text-based BEC attack impersonates an executive using a personalized email subject, display name spoofing, and a free webmail account to request the purchase of gift cards.
Dear Customer,
We have tried to work with you but you are not cooperating with us. Then, unfortunately, we have forwarded your case file to the legal department of FDCP. We already updated the legal department to file the Court petition in the Courthouse. Once the Court Summons will be signed by the court clerk we will update you one copy at your postal address along with one copy at following places:
1. Nearest Police Station
2. At your Employer
3. Internal Revenue Services
4. Federal Bureau for Credit
5. Bank with which you have accounts.
Note: If you want to avoid all these unnecessary steps then you have to get back to us with the payment. Now kindly get back to us so that we can send you the payment instruction.
Thank You.
External Third Party Overdue Payment Legal Matter BEC Attack
This text-based BEC attack impersonates an external third party using a maliciously registered domain, an overdue payment theme, and a legal matter theme to request a fraudulent payment.
We hired a private consultant and we would like to do a one time payment to him. Could you please confirm if an international wire payment can be processed to the consultant today? Let me know if this is possible so i can give details.
Regards,
[Impersonated Executive First Name]
Executive Impersonation New Vendor Payment Fraud BEC Attack
This text-based BEC attack impersonates an executive using display name spoofing, a free webmail account, and a new vendor theme to request a fraudulent payment.
.
Expired Account HTML Attachment Credential Phishing Attack
This payload-based attack uses an HTML attachment, an external compromised account, and an an expired account theme to steal credentials.
Guten Morgen
Was ist unser Kontostand,
Können wir heute 27,000€ zahlen?
Grüße
[Executive Name]
Executive Impersonation Payment Fraud BEC Attack
This text-based BEC attack impersonates an executive using display name spoofing and a maliciously registered domain to request a fraudulent payment.
Hi [Recipient First Name],
I am thinking of implementing an Employee Incentive Program to show our employees we care about them. I would like to surprise them and put a smile on their faces today. Can we purchase some cards (Walmart/Target) from the store?
Reply and let me know how soon you can get this done and which of the cards you can easily buy at the store. Keep this surprise package confidential until we give it out to them.
Thanks,
Sent from my iPhone
Executive Impersonation Employee Incentive Gift Card BEC Attack
This text-based BEC attack impersonates an executive using display name spoofing, a free webmail account, and an employee incentive theme to request the purchase of gift cards.
Dear - [Recipient Name]
24/7 Support Team +1 (888) 844-2906 We would like to inform you about your recent purchase of $649.00. This charge will reflect in your account within 24 hours.
ITEMS
Product ID
Qty
Sub Total
You sent a Payment to Coinbase Global, Inc.
# z11W-2aEt-nJD1-JRL112318
0.0098
$600.00
Subtotal
Buy Exchange Rate 1 BTC =
$43,652.35
Tax
$49.00
Grand Total
$649.00
Delivery Informatin
Invoice # z11W-2aEt-nJD1-JRL112318
3/9/2022
Email Delivery [Recipient Email Address]
Payment method: Paypal Credit
This transaction may appear in your statement as PAYPAL COINBASE within 24 hours. If in case you did not make this payment, please call our 24/7 support at +1 (888) 844-2906(Toll free) to cancel. For cancellation or to make any changes or for any other issues contact the above-mentioned support number.
PayPal Cryptocurrency Fake Billing Scam
This text-based fake billing scam impersonates PayPal using a cryptocurrency theme and a fake payment receipt theme.
Hi [Recipient Name],
This is to notify you that am having issues with my current bank
account on file, I want to update my new bank account details before
payroll is process.
What details do you need?
Sincerely ,
[Impersonated Employee Name]
[Impersonated Employee Title]
Employee Impersonation Payroll Diversion BEC Attack
This text-based BEC attack impersonates an employee using display name spoofing and a free webmail account to divert payroll deposits to a fraudulent account.
Transaction ID:9485BNLK36025
Hello ,
You sent a payment of $799.99 to Coinbase Inc.
It may take a few moments for this transaction to appear in your account
Merchant
Coinbase Inc
Instructions to merchant
You haven't entered any instructions.
Description
Unit price
Qty
Amount
Order ID - 80570000022130051125
$799.99
1
$799.99
Subtotal
$799.99 USD
Total
$799.99 USD
Payment
$799.99 USD
Charge will appear on your credit card statement as 'PAYPAL *Coinbase Inc*'
Payment sent to Coinbase Inc
Invoice ID: 80570000022130051125
Issues with this transaction?
You have 10 days from the date of the transaction to open a dispute in the Resolution Centre.
For More Information Call us:- +1(707) 509-3505
Please do not reply to this email. This mailbox is not monitored and you will not receive a response. For assistance, log in to your PayPal account and click Help in the top right corner of any PayPal page or please contact us toll free at +1-707-509-3505
PayPal Cryptocurrency Fake Billing Scam
This text-based fake billing scam impersonates PayPal using a cryptocurrency theme and a fake payment receipt theme.
Dear,
See below, names of suspected cases of COVID-19 infected persons.
As part of precaution measures please see the list of people who have been infected below and to warn you to stay isolated from them.
Open list below in pdf
OPEN IN MICROSOFT PDF CLOUD FILE
MICROSOFT PDF CLOUD FILE
Microsoft COVID-19 Credential Phishing Attack
This link-based attack uses a free webmail account and a COVID-19 theme to steal credentials.