Attack Stories - Abnormal Security

Subscribe to receive twice-monthly updates of the latest attacks we've detected in the wild:

IRS Impersonation

IRS email impersonations are widespread across all industries. These attacks vary in scale and victim, targeting both individuals and companies as a whole. This particular attack follows the growing trend of utilizing

Read more

Vendor Spoofing Invoice Attack

In this attack, the attacker impersonates a known partner of the company and inquires about a pending invoice payment.

Read more

Covid Report from Microsoft Phishing Attack

In this attack, attackers impersonate a company’s Human Resources department by sending out a COVID-19 scan via a look-a-like Microsoft O365 email.

Read more

Crypto Wallet Impersonation

In the midst of uncertainty during this period of time, one thing that has consistently made headlines is high-profile data breaches. With serious attacks continuously underway, there has been a heightened sense

Read more

Google Mail Merge Impersonation

In this attack, credential phishing attackers send urgent impersonated account messages to trick recipients into giving up their credentials.

Read more

PPP Extended Coverage Phishing

In this attack, attackers impersonate a message from the United States government, claiming to provide information on the Paycheck Protection Program in an attempt to steal valuable credentials. Quick Summary of Attack

Read more

LinkedIn Identity Theft

In this attack, the attacker impersonates a policy change notification from LinkedIn in order to steal highly confidential information such as the victim’s social security number. Quick Summary of Attack Target Platform:

Read more

eBay Gift Card Invoice Attack

In this attack, attackers utilize a lookalike domain to impersonate eBay in an attempt to trick users into sending over payment in gift cards.

Read more

Spoofed PayPal Phishing Attack

In this attack, attackers use a method known as spoofing to impersonate PayPal, leading recipients to a phishing page.

Read more

BB&T Bank Impersonation Phishing

In this attack, attackers impersonate an automated notification from a well-known bank in order to steal recipients’ online banking login credentials.

Read more

USPS Credential Phishing

In this attack, attackers impersonate a USPS package tracking page to steal credit card credentials.

Read more

COVID-19 Department of Labor Phishing

In this attack, an attacker impersonates the New York Department of Labor claiming to administer relief funds in order to steal sensitive personal information.

Read more