Attack Vault
The Attack Vault contains samples of email-based cyber attacks targeting enterprise users, including business email compromise (BEC) attacks, financial supply chain fraud, credential phishing, malware attacks, and other types of scams. The email subject and body content of these samples can be searched and the repository can be filtered based on specific characteristics using the options below.
This collection of attack samples is not meant to be a comprehensive repository of all email-based threats. Rather, the Attack Vault contains a cross-section of various types of cyber threats--each containing a unique combination of tactics, themes, and/or content--to provide a general overview of some of the more notable attacks observed in today's email threat landscape.
Hi [Recipient First Name]
Do we incur extra charges to process a Wire transfer same day?
Thanks.
Executive Impersonation Payment Fraud BEC Attack
This text-based BEC attack impersonates an executive using display name spoofing and a maliciously registered domain to request a fraudulent payment.
Transaction ID: TX98230HG8
You just sent a payment.
Dear Customer,
Thanks for using PayPal. It may take a few moments for this transaction to appear in your account.
Merchant Note to Seller
[Name], you haven’t sent a note.
[Email Address
Shipping Address Total: $279.99 USD
NY, United States
Payment: $279.99 USD
Payment sent to [Name]
This email was sent by an automated system, so if you reply, nobody will see it. To get in touch with us, log in your account and click to “Contact us” at the bottom of any page.
Sincerely,
PayPal
1-877-287-3224
PayPal Fake Billing Scam
This text-based fake billing scam impersonates PayPal using a fake payment theme.
Invoice Date: Feb 23rd, 2022
Invoice No: 23BBEFF36SGY-07394
Hello [Recipient Email Address],
Thank you for your order. Please keep this invoice for your records
Item Qty Unit Price Sub-Total
Celestron - 114LCM Computerized Newtonian Telescope 1 $439.95 $439.95 USD
Total
$439.95 USD
Payment
$439.95 USD
You can view your order at any time from the order page or contact us at +1 321 587 6301
Amount in Words
Four Hundred Thirty Nine
For Amazon:
Authorized Signatory
*Please do not reply to this email. This mailbox is not monitored and you will not receive a response. For assistance, log in to your account and click Help in the top right corner of any page.
Amazon Fake Billing Scam
This text-based fake billing scam impersonates Amazon using a fake payment receipt theme.
Hi [First Name],
I have changed my bank details and I’ll appreciate if you could send me the DD Auth form. Alternatively, may I send you my new banking details for you to help effect the DD change from your end to avoid mistakes.I need your prompt assistance in this regard.
Thank you.
[Executive Name]
Executive Impersonation Payroll Diversion BEC Attack
This text-based business email compromise attack impersonates an executive using display name impersonation with the goal of diverting payroll information.
Hello ,
I have recently changed banks and like to have my direct deposit changed to my new account, my previous account on file will be inactive in 10 days, Can you get this done with my VOIDED check? I need your prompt assistance on this.
Regards
Executive Impersonation Payroll Diversion BEC Attack
This text-based BEC attack impersonates an executive using display name spoofing and a compromised external account to divert payroll deposits to a fraudulent account.
Hi [Target First Name],
Can you mail out an overnight check to a vendor for me today? Please advise.
Regards,
[Executive Name]
Executive Impersonation Payment Fraud BEC Attack
This text-based BEC attack impersonates an executive using display name spoofing and a free webmail account to request a fraudulent payment.
