Abnormal Blog

Secure email gateways (SEGs) have proven effective in the past, but they are ineffective against modern social engineering tactics and targeted email threats.

As spammers become more sophisticated across cloud services, Abnormal is addressing new attacks including this recent malicious calendar invite.

In this sophisticated credential phishing attack, the threat actor created a duplicate version of Stripe’s entire website.

While phishing emails have long been a popular way to steal Facebook login credentials, we’ve recently seen an increase in more sophisticated phishing attacks.

Higher education institutions continue to be prime targets for attack as cybercrimianls prey on unsuspecting students.

Abnormal Security recently identified a scam aimed at the Canadian electronic travel authorization (eTA) program, which bears a striking resemblance to a long-standing fraud scheme described in our post from several weeks ago targeting TSA travel program applicants.

Meeting invites are one of the most common types of emails sent today, so it should come as no surprise that attackers have found a way to manipulate them. Scores of recipients that utilize Abnormal Security recently received emails that contained a .ics attachment—an invitation file commonly used to populate online calendar applications with meeting and event information.

On November 9, 2021, we identified an unusual phishing email that claimed to be from “Immigration Visa and Travel,” inviting the recipient to renew their membership in the TSA PreCheck program. The email wasn’t sent from a .gov domain, but the average consumer might not immediately reject it as a scam, particularly because it had the term “immigrationvisaforms” in the domain. The email instructed the user to renew their membership at another quasi-legitimate-looking website.

What is unique to this campaign is that these messages contained QR codes offering access to a missed voicemail, handily avoiding the URL scan feature for email attachments present in secure email gateways and native security controls

Unfortunately, physically threatening extortion attempts sent via email continue to impact companies and public institutions when received—disrupting business, intimidating employees, and occasioning costly responses from public safety.

Credential phishing links are most commonly sent by email, and they typically lead to a website that is designed to look like common applications—most notably Microsoft Office 365, Google, Amazon, or other well-known...

No one wants to receive an email from human resources that they aren’t expecting. After all, that usually means bad news. And when we think there may be bad news, cybersecurity training tends to fall by the wayside. Threat actors know this, and they’re taking advantage of human emotions.

Identity theft is not a joke, impacting more than 14 million people each year in the United States alone. Over the course of their lifetime, nearly one-third of all people will become victims of identity theft—often as a result of a corporate data breach. Once attackers have access to identifying information like your full name, address, date of birth, and/or social security number...

With school starting this month, cybercriminals are back in action—targeting university students in an attempt to steal valuable personal information. In a recent attack uncovered by Abnormal, a credential phishing attacker used a legitimate email account and created false urgency to steal student credentials through a phishing website.

As the details emerge on the ransomware attack that sent a major U.S. oil pipeline operated by Colonial Pipeline offline for a week, what we do know is that the likelihood the attack emerged from a malicious phishing email attack is extremely high. Earlier this week...

A request for quote (RFQ) continues to increase in popularity as an attack type, as vendors are likely to open the attachments or click the links associated with these types of email. In this attack, attackers disguise harmful malware as a RFQ...

IRS email impersonations are widespread across all industries. These attacks vary in scale and victim, targeting both individuals and companies as a whole. This particular attack follows the growing trend of utilizing social engineering strategies for malicious engagement...

In this attack, attackers impersonate a company's Human Resources department and send a COVID-19 scan via a lookalike Microsoft Office 365 email. The original message to the recipient appears to originate from the company’s internal human resources email address.

When attempting to gain credentials to a Google account, the best brand to impersonate is likely Google. In this account, threat actors sent an urgent account message to trick recipients into inputting their Google credentials, hoping to trick...

In a recent attack uncovered by Abnormal Security, the attacker impersonates LinkedIn to send a malicious attachment that could lead to identity theft. Once the attachment is opened, the victim is asked to put in personal identifying information, including their social security number.

PayPal is a well-known money transfer application, used often between friends and family as well as for small businesses. Because PayPal accounts are often linked to credit cards and bank accounts, the company itself is a commonly impersonated brand from attackers...

Because they contain the keys to the financial kingdom and allow attackers direct access to money, banks tend to be some of the most impersonated organizations. In this attack, attackers mimic an automated notification from BB&T in order to steal recipients' online banking...

Attackers impersonated USPS while sending out phishing emails designed to steal payment credentials.

Scammers impersonated the Department of Labor and offered supposed relief funds to phish sensitive and identifying information.