chat
expand_more

B 1 30 23 Microsoft ATO
A recent nation-state actor attack by the Russian-backed threat group Midnight Blizzard infiltrated Microsoft. Discover how Abnormal can protect you from account takeovers in real time.
Read More
B 1500x1500 MKT440a Bazarcall Attack Blog Graphics
Explore the intricacies of this BazarCall phishing attack that uses a Google Form for heightened authenticity.
Read More
B Disney Attack Blog
This Disney+ scam email uses brand impersonation and personalization to send a convincing fake subscription charge notice.
Read More
B Cryptocurrency Donations Attack
Attackers attempt to solicit fraudulent donations via cryptocurrency transfers under the guise of collecting donations for children in Palestine.
Read More
B Bittrex Phishing Attack
Attackers capitalize on the Bittrex bankruptcy by targeting customers with a convincing credential phishing attack.
Read More
B Nigerian Prince
Scams about the Nigerian Prince that promise millions have been around for decades. But they are transitioning, now using ChatGPT and similar tools to seem more convincing.
Read More
VEC attacks blog cover
Discover how one threat actor compromised five vendor organizations to commit the same invoice fraud attack against more than a dozen victims.
Read More
B 5 15 23 Israel BEC
Abnormal research into an advanced Israel-based threat group puts a spotlight on the continuing rise of BEC attacks.
Read More
B 4 28 23 SE Gpng
Discover how real-world attackers abuse compromised personal email accounts to elicit response and realize financial and informational gain.
Read More
B Open Red
Discover how real-world attackers use open redirects to access sensitive data, bypassing traditional secure email gateways.
Read More
B 36 M
Vendor email compromise is expensive. See how Abnormal protected our customer from a $36 million invoice fraud attack.
Read More
B 3 14 23 Fraud
Discover how Abnormal detects and remediates payment fraud and invoice email attacks that bypass secure email gateways (SEGs).
Read More
B 2 28 23 SEG
See how Abnormal protects your organization from advanced attacks occuring outside your email environment and bypassing your SEG.
Read More
B 2 22 23 O Auth
Discover how Abnormal detects the advanced OAuth Phishing attacks that bypass traditional security email gateways.
Read More
SEG
Secure email gateways (SEGs) have proven effective in the past, but they are ineffective against modern social engineering tactics and targeted email threats.
Read More
Spam Blog Cover
As spammers become more sophisticated across cloud services, Abnormal is addressing new attacks including this recent malicious calendar invite.
Read More
B 06 01 22 Stripe Phishing
In this sophisticated credential phishing attack, the threat actor created a duplicate version of Stripe’s entire website.
Read More
B 04 19 22 Facebook Phishing
While phishing emails have long been a popular way to steal Facebook login credentials, we’ve recently seen an increase in more sophisticated phishing attacks.
Read More
Blog university students cover
Higher education institutions continue to be prime targets for attack as cybercrimianls prey on unsuspecting students.
Read More
Blog canadian visa cover
Abnormal Security recently identified a scam aimed at the Canadian electronic travel authorization (eTA) program, which bears a striking resemblance to a long-standing fraud scheme described in our post from several weeks ago targeting TSA travel program applicants.
Read More
Blog calendar invite attack cover
Meeting invites are one of the most common types of emails sent today, so it should come as no surprise that attackers have found a way to manipulate them. Scores of recipients that utilize Abnormal Security recently received emails that contained a .ics attachment—an invitation file commonly used to populate online calendar applications with meeting and event information.
Read More
Blog tsa scam cover
On November 9, 2021, we identified an unusual phishing email that claimed to be from “Immigration Visa and Travel,” inviting the recipient to renew their membership in the TSA PreCheck program. The email wasn’t sent from a .gov domain, but the average consumer might not immediately reject it as a scam, particularly because it had the term “immigrationvisaforms” in the domain. The email instructed the user to renew their membership at another quasi-legitimate-looking website.
Read More
Quishing blog cover
What is unique to this campaign is that these messages contained QR codes offering access to a missed voicemail, handily avoiding the URL scan feature for email attachments present in secure email gateways and native security controls
Read More
Extortion blog cover
Unfortunately, physically threatening extortion attempts sent via email continue to impact companies and public institutions when received—disrupting business, intimidating employees, and occasioning costly responses from public safety.
Read More
 

See the Abnormal Solution to the Email Security Problem

Protect your organization from the full spectrum of email attacks with Abnormal.

 
Integrates Insights Reporting 09 08 22