Blog - Abnormal Security

Subscribe to receive twice-monthly updates of the latest attacks we've detected in the wild:

Abnormal Attack Stories: SBA Loan Phishing

In this attack, malicious actors impersonate a government sponsored loan program from the Small Business Administration to send phishing emails.

Read more

Abnormal Attack Stories: Internal Phishing

In this attack, attackers compromise an internal account within a company and use it to launch internal phishing attacks.

Read more

How Attackers Bypass MFA and Conditional Access to Compromise Email Accounts

Abnormal Security has detected an increase in BEC attacks that successfully compromise email accounts despite multi-factor authentication (MFA) and Conditional Access. While MFA and modern authentication protocols are an important advancement in

Read more

Abnormal Attack Stories: Targeted Hijacked Email Thread / Malware

In this attack, malicious actors insert themselves into an email conversation to deliver malware in an attempt to harvest credentials from employees.

Read more

Payment Inquiries: The Precursors to Invoice and Payment Fraud

Abnormal has detected campaigns targeting our customers where malicious actors will impersonate major brands and reach out to accounting teams to ask if there are any outstanding invoices for the company they

Read more

Abnormal Attack Stories: Skype Impersonation Attack

In this attack, attackers impersonate an email from Skype in order to steal user account credentials.

Read more

Abnormal Attack Stories: Sharepoint Attacks

In this attack, malicious actors make use of an automated message from Sharepoint to send phishing emails.

Read more

Abnormal Attack Stories: Spoofed Microsoft Security Alert

In this attack, attackers spoof an internal email from the recipient’s company regarding a security alert in order to steal user account credentials.

Read more

Abnormal Attack Stories: Microsoft Renewal Scam

In this attack, attackers impersonate an email from Microsoft to steal sensitive user information and money.

Read more

Abnormal Attack Stories: Spoofed HR Credential Phishing

In this attack, attackers spoofed an email from the recipient’s company’s HR team in order to steal user account credentials.

Read more

Challenging Verizon’s CIS Control Recommendations for Socially-Engineered Business Email Compromise Attacks

While Verizon’s annual Data Breach Incident Report (DBIR) has always offered recommendations on defense and controls through its findings, this year the report shares formal, standardized security control recommendations to readers. In

Read more

Abnormal Attack Stories: Outlook Update Credential Phishing

In this attack, attackers are impersonating an official notification from the Outlook team in order to steal user account credentials of employees at organizations targeted for this attack.

Read more