Attack Vault
The Attack Vault contains samples of email-based cyber attacks targeting enterprise users, including business email compromise (BEC) attacks, financial supply chain fraud, credential phishing, malware attacks, and other types of scams. The email subject and body content of these samples can be searched and the repository can be filtered based on specific characteristics using the options below.
This collection of attack samples is not meant to be a comprehensive repository of all email-based threats. Rather, the Attack Vault contains a cross-section of various types of cyber threats--each containing a unique combination of tactics, themes, and/or content--to provide a general overview of some of the more notable attacks observed in today's email threat landscape.
Hello [Recipient First Name],
Has Maître Bergerot from the KPMG law firm called?
This is a confidential matter that I am handling with the firm, for which it is imperative to communicate only by email.
Regards,
.[Executive Name]
French Executive Impersonation Legal Matter Payment Fraud BEC Attack
This text-based French-language BEC attack impersonates an executive using a spoofed email address, an extended spoofed display name, a maliciously registered domain, and a legal matter theme to request a fraudulent payment.
Hello Payroll,
I would like to change the account on my payroll to a new account and would like to know whether it will be effective for the next payment?
Thank you
[Impersonated Employee Name]
[Impersonated Employee Title]
German Employee Impersonation Payroll Diversion BEC Attack
This text-based German-language BEC attack impersonates an employee using a spoofed display name and a free webmail account to divert payroll deposits to a fraudulent account.
Dear [Recipient First Name],
We are in the process of buying an overseas company which will enhance our market position in Asia that I have approved and for which I need your help.
Has Adv. Hugues Moreau informed you about this case?
Regards,
[Executive Name]
Sent from Corp iPhone
Executive Impersonation Mergers & Acquisitions Payment Fraud BEC Attack
This text-based BEC attack impersonates an executive using a spoofed email address, an extended spoofed display name, a maliciously registered domain, and a mergers & acquisitions theme to request a fraudulent payment.
Hello,
Maître LAMBERT from the KPMG law firm should have contacted you by phone.
Has he done so, or not yet?
Regards,
[Executive Name]
French Executive Impersonation Legal Matter Payment Fraud BEC Attack
This text-based French-language BEC attack impersonates an executive using an extended spoofed display name, a matching malicious domain username, and a legal matter theme to request a fraudulent payment.
Hi [Recipient First Name],
Please send in all the current AR reports. I need you to sort through all account receivables by their due dates, I need to view all the updated records of all current and pending accounts on a spreadsheet as soon as possible. Include the relevant emails ascribed to each contact information.
Treat as urgent.
Best regards
[Executive Name]
Executive Impersonation Aging Report Theft BEC Attack
This text-based BEC attack impersonates an executive using a spoofed email address and a free webmail account to request a copy of an aging report.
Hi [Recipient First Name],
Have you been contacted by Olivier Genevois from Dentons law firm about the file OGDI6804, regarding a new project on which we are actually working on?
Kind Regards,
[Executive Name]
Sent from my iPhone
Executive Impersonation Legal Matter Payment Fraud BEC Attack
This text-based BEC attack impersonates an executive using an extended spoofed display name, a personalized email subject, a maliciously registered domain, and a legal matter theme to request a fraudulent payment.
Gοοd mοrning [Recipient First Name]
I need yου tο hαndIe α tαsκ fοr me. Γesροnd ωith yουr ωhαtsαρρ n∪mber αnd eχρect my messαge.
Best Γegads,
Employee Impersonation Gift Card Request BEC Attack
This text-based BEC attack impersonates an employee using a foreign character substitution, a WhatsApp number request, a spoofed display name, and a free webmail account to request the purchase of gift cards.
How much is our available balance? We need to pay 39.891,22 euros, can we pay today?
Regards,
[Executive Name]
Swedish Executive Impersonation Payment Fraud BEC Attack
This text-based Swedish-language BEC attack impersonates an executive using a spoofed display name and a free webmail account to request a fraudulent payment.
ATTN,
Please find attached invoice INV-11473 and forward to the appropriate party for payment processing.
Thanks,
Fake Invoice Credential Phishing Attack
This link-based attack impersonates a vendor/supplier using a fake attachment, an external compromised account, and a fake invoice theme to steal credentials.
Dear Member,
You sent an automatic payment to ExpressVPN. Here are the details.
Automatic Payment Details:
Automatic payment number: K-D60C723G
Amount to be paid each time: $179.99 USD
Billing Cycle: Quarterly
Payment Start: 24 May 2022
Next payment Due: 23 Aug 2022
Next Payment Amount: $199.99 USD
Pay with Money from: PayPal
To change or cancel your agreement with ExpressVPN, log in to your PayPal account, go to your profile,
And click My Money and update your agreement in the “My preapproved Payments” section.
Do you confirm this payment?
Support: 1-857-293-0193
Click here to unsubscribe
PayPal Impersonation Fake Billing Scam Attack
This text-based fake billing scam impersonates PayPal using a fake payment receipt theme.