Attack Stories Archives - Abnormal Security

Subscribe to receive twice-monthly updates of the latest attacks we've detected in the wild:

LinkedIn Identity Theft

In this attack, the attacker impersonates a policy change notification from Linkedin in order to steal highly confidential information such as the victim’s social security number. Quick Summary of Attack Target Platform:

Read more

Ebay Gift Card Invoice Attack

In this attack, attackers utilize a lookalike domain to impersonate Ebay in an attempt to trick users into sending over payment in gift cards.

Read more

Spoofed PayPal Phishing Attack

In this attack, attackers use a method known as spoofing to impersonate PayPal, leading recipients to a phishing page.

Read more

BB&T Bank Impersonation Phishing

In this attack, attackers impersonate an automated notification from a well-known bank in order to steal recipients’ online banking login credentials.

Read more

USPS Credential Phishing

In this attack, attackers impersonate a USPS package tracking page to steal credit card credentials.

Read more

COVID-19 Department of Labor Phishing

In this attack, an attacker impersonates the New York Department of Labor claiming to administer relief funds in order to steal sensitive personal information.

Read more

Facebook Phishing Attack

In this attack, the attacker impersonates Facebook to send out a phishing attack using a legitimate Facebook link.

Read more

IRS Tax Form Scam

In this attack, scammers impersonate the IRS by sending out a fake tax form to collect valuable personal and financial information.

Read more

Widespread ‘Doc(s) Delivery’ Spear-Phishing Campaign Targets Enterprises with Hundreds of Compromised Accounts

Threat researchers at Abnormal Security discovered a coordinated spear phishing campaign targeting numerous enterprise organizations last week. The attackers compromised hundreds of legitimate accounts and are sending emails in rapid succession to

Read more

Outlook Migration Impersonation

In this attack, an attacker impersonates a message from a company’s IT team about migration to a new version of Microsoft Outlook in order to harvest credentials.

Read more

Compromised Partner Phishing

In this attack, attackers infiltrate the account of a target’s known partner to steal valuable credential information.

Read more

QuickBooks Impersonation

In this attack, scammers impersonate QuickBooks to steal valuable credential information from their target.

Read more