All Blog Posts
B 06 01 22 Stripe Phishing
In this sophisticated credential phishing attack, the threat actor created a duplicate version of Stripe’s entire website.
Read More
B 04 19 22 Facebook Phishing
While phishing emails have long been a popular way to steal Facebook login credentials, we’ve recently seen an increase in more sophisticated phishing attacks.
Read More
Blog university students cover
Higher education institutions continue to be prime targets for attack as cybercrimianls prey on unsuspecting students.
Read More
Blog canadian visa cover
Abnormal Security recently identified a scam aimed at the Canadian electronic travel authorization (eTA) program, which bears a striking resemblance to a long-standing fraud scheme described in our post from several weeks ago targeting TSA travel program applicants.
Read More
Blog calendar invite attack cover
Meeting invites are one of the most common types of emails sent today, so it should come as no surprise that attackers have found a way to manipulate them. Scores of recipients that utilize Abnormal Security recently received emails that contained a .ics attachment—an invitation file commonly used to populate online calendar applications with meeting and event information.
Read More
Quishing blog cover
What is unique to this campaign is that these messages contained QR codes offering access to a missed voicemail, handily avoiding the URL scan feature for email attachments present in secure email gateways and native security controls
Read More
Extortion blog cover
Unfortunately, physically threatening extortion attempts sent via email continue to impact companies and public institutions when received—disrupting business, intimidating employees, and occasioning costly responses from public safety.
Read More
Blog attack atlassian cover
Credential phishing links are most commonly sent by email, and they typically lead to a website that is designed to look like common applications—most notably Microsoft Office 365, Google, Amazon, or other well-known...
Read More
Blog yellow skyline
No one wants to receive an email from human resources that they aren’t expecting. After all, that usually means bad news. And when we think there may be bad news, cybersecurity training tends to fall by the wayside. Threat actors know this, and they’re taking advantage of human emotions.
Read More
Blog purple person outline
Identity theft is not a joke, impacting more than 14 million people each year in the United States alone. Over the course of their lifetime, nearly one-third of all people will become victims of identity theft—often as a result of a corporate data breach. Once attackers have access to identifying information like your full name, address, date of birth, and/or social security number...
Read More
Blog library cover
With school starting this month, cybercriminals are back in action—targeting university students in an attempt to steal valuable personal information. In a recent attack uncovered by Abnormal, a credential phishing attacker used a legitimate email account and created false urgency to steal student credentials through a phishing website.
Read More
Blog purple white diamonds
A request for quote (RFQ) continues to increase in popularity as an attack type, as vendors are likely to open the attachments or click the links associated with these types of email. In this attack, attackers disguise harmful malware as a RFQ...
Read More
Blog tall silver building
IRS email impersonations are widespread across all industries. These attacks vary in scale and victim, targeting both individuals and companies as a whole. This particular attack follows the growing trend of utilizing social engineering strategies for malicious engagement...
Read More
Blog green triangle
In this attack, attackers impersonate a company's Human Resources department and send a COVID-19 scan via a lookalike Microsoft Office 365 email. The original message to the recipient appears to originate from the company’s internal human resources email address.
Read More
Blog brown merge
When attempting to gain credentials to a Google account, the best brand to impersonate is likely Google. In this account, threat actors sent an urgent account message to trick recipients into inputting their Google credentials, hoping to trick...
Read More
Blog black keyboard
In a recent attack uncovered by Abnormal Security, the attacker impersonates LinkedIn to send a malicious attachment that could lead to identity theft. Once the attachment is opened, the victim is asked to put in personal identifying information, including their social security number.
Read More
Blog dark purple office
Gift card fraud has been a staple of cybercriminals for years. Converting gift cards into cash is quick and easy, and attackers are rarely pursued for conducting these scams. Once the attacker has the gift cards, they can use them to purchase items or sell them at a discounted...
Read More
Blog tall building night
PayPal is a well-known money transfer application, used often between friends and family as well as for small businesses. Because PayPal accounts are often linked to credit cards and bank accounts, the company itself is a commonly impersonated brand from attackers...
Read More
Blog black lights
Because they contain the keys to the financial kingdom and allow attackers direct access to money, banks tend to be some of the most impersonated organizations. In this attack, attackers mimic an automated notification from BB&T in order to steal recipients' online banking...
Read More
Blog mail impesrsonation
Attackers impersonated USPS while sending out phishing emails designed to steal payment credentials.
Read More
Blog round buliding blue
Scammers impersonated the Department of Labor and offered supposed relief funds to phish sensitive and identifying information.
Read More
Blog bitcoin ledger
Cybercriminals attempted a phishing scam to access cryptocurrency wallets by impersonating Ledger.
Read More
Blog keyboard circle
Facebook phishing attacks are popular because users tend to use the same email address and password for other sites. In this attack, the cybercriminal impersonates Facebook to send out a phishing attack using a legitimate Facebook link.
Read More
Blog white building sky
Although tax season has passed, IRS impersonation scams persist, putting many Americans at risk for identity theft and payment fraud. In this attack, scammers impersonate the IRS by sending out a fake tax form to collect valuable personal and financial information.
Read More
Demo 2x 1

See the Abnormal Solution to the Email Security Problem

Protect your organization from the attacks that matter most with Abnormal Integrated Cloud Email Security.