Abnormal Blog

Attackers attempt to solicit fraudulent donations via cryptocurrency transfers under the guise of collecting donations for children in Palestine.

Attackers capitalize on the Bittrex bankruptcy by targeting customers with a convincing credential phishing attack.

Scams about the Nigerian Prince that promise millions have been around for decades. But they are transitioning, now using ChatGPT and similar tools to seem more convincing.

Discover how one threat actor compromised five vendor organizations to commit the same invoice fraud attack against more than a dozen victims.

Abnormal research into an advanced Israel-based threat group puts a spotlight on the continuing rise of BEC attacks.

Discover how real-world attackers abuse compromised personal email accounts to elicit response and realize financial and informational gain.

Discover how real-world attackers use open redirects to access sensitive data, bypassing traditional secure email gateways.

Vendor email compromise is expensive. See how Abnormal protected our customer from a $36 million invoice fraud attack.

Discover how Abnormal detects and remediates payment fraud and invoice email attacks that bypass secure email gateways (SEGs).

See how Abnormal protects your organization from advanced attacks occuring outside your email environment and bypassing your SEG.

Discover how Abnormal detects the advanced OAuth Phishing attacks that bypass traditional security email gateways.

Secure email gateways (SEGs) have proven effective in the past, but they are ineffective against modern social engineering tactics and targeted email threats.

As spammers become more sophisticated across cloud services, Abnormal is addressing new attacks including this recent malicious calendar invite.

In this sophisticated credential phishing attack, the threat actor created a duplicate version of Stripe’s entire website.

While phishing emails have long been a popular way to steal Facebook login credentials, we’ve recently seen an increase in more sophisticated phishing attacks.

Higher education institutions continue to be prime targets for attack as cybercrimianls prey on unsuspecting students.

Abnormal Security recently identified a scam aimed at the Canadian electronic travel authorization (eTA) program, which bears a striking resemblance to a long-standing fraud scheme described in our post from several weeks ago targeting TSA travel program applicants.

Meeting invites are one of the most common types of emails sent today, so it should come as no surprise that attackers have found a way to manipulate them. Scores of recipients that utilize Abnormal Security recently received emails that contained a .ics attachment—an invitation file commonly used to populate online calendar applications with meeting and event information.

On November 9, 2021, we identified an unusual phishing email that claimed to be from “Immigration Visa and Travel,” inviting the recipient to renew their membership in the TSA PreCheck program. The email wasn’t sent from a .gov domain, but the average consumer might not immediately reject it as a scam, particularly because it had the term “immigrationvisaforms” in the domain. The email instructed the user to renew their membership at another quasi-legitimate-looking website.

What is unique to this campaign is that these messages contained QR codes offering access to a missed voicemail, handily avoiding the URL scan feature for email attachments present in secure email gateways and native security controls

Unfortunately, physically threatening extortion attempts sent via email continue to impact companies and public institutions when received—disrupting business, intimidating employees, and occasioning costly responses from public safety.

Credential phishing links are most commonly sent by email, and they typically lead to a website that is designed to look like common applications—most notably Microsoft Office 365, Google, Amazon, or other well-known...

No one wants to receive an email from human resources that they aren’t expecting. After all, that usually means bad news. And when we think there may be bad news, cybersecurity training tends to fall by the wayside. Threat actors know this, and they’re taking advantage of human emotions.

Identity theft is not a joke, impacting more than 14 million people each year in the United States alone. Over the course of their lifetime, nearly one-third of all people will become victims of identity theft—often as a result of a corporate data breach. Once attackers have access to identifying information like your full name, address, date of birth, and/or social security number...