Abnormal Blog

Healthcare continues to be a preferred method for cyber attacks, and this attack features an impersonation of UnitedHealthcare in the form of a request for a claim. The email appears to originate from notifications@e-notifications.myuhc.com, which is an authorized...

Recently, there has been a rise in scam emails demanding recipients to pay a ransom with bitcoin, or else the personal information attackers have gathered about the recipient will be released to the public. The means by which attackers have obtained this information...

Sending fraudulent purchase orders for goods and services is a common tactic attackers use to receive free merchandise. In this attack, attackers are impersonating the United States Transportation Command Office of Small Business Programs and sending an RFQ in...

As bitcoin and other cryptocurrencies become increasingly popular, attackers are taking advantage. This attack leverages bitcoin to fool early adopters of cryptocurrency with BTC Era into paying for what they believe is an investment, but is really a guise...

With unemployment on the rise, attackers are exploiting individuals in search of new positions. This method makes use of targeted social engineering techniques, combining email and mobile platforms, to reap information from victims. In this attack, malicious actors...

Compromised accounts are commonly used by cybercriminals to send additional attacks because they appear to originate from a trustworthy source—typically a known partner or customer, or a known coworker within the organization. In this attack, the account was first...

Skype is used prolifically in both casual and business settings. As a result of its affiliation with Microsoft, it is a popular choice for attackers to impersonate in order to trick victims into handing over their Microsoft credentials. In these attacks, the sender...

SharePoint is an increasingly popular tool for Microsoft users, especially in a time when millions of employees are working remotely. In this attack, malicious actors make use of an automated message from Sharepoint to send phishing emails. This attack...

Microsoft provides security alerts in the case of fraudulent logins on user accounts. Users are usually able to trust these emails due to the source being from a trusted brand. And because the email relates to account security, the recipient may unconsciously trust...

Microsoft Office offers one-time purchase and subscription plans and has numerous official resellers for its products. Scammers use this fact as an opportunity to impersonate Microsoft and their resellers in order to steal sensitive user data, as well as for...

Office 365 and its associated apps (Excel, PowerPoint, Word, and Outlook) are an integral business tool for many organizations. Hackers consistently target the Microsoft accounts of employees, as these accounts are linked to a treasure trove of...

SurveyMonkey is a survey service that is normally used to host legitimate surveys. However, sometimes attackers will utilize file sharing and surveying sites like SurveyMonkey to host redirect links to a phishing webpage. By using these legitimate services...

Social media access can provide a lens into other parts of a person's life, making Facebook and Twitter unique when it comes to credential phishing campaigns. In this attack, cybercriminals targeted a specific individual who works at an organization that heavily...

Abnormal Security has observed attackers impersonating major social media platforms like Instagram, Facebook, and Twitter to steal the login credentials of employees at enterprise organizations. In the past two months, we have seen a 60% increase for several organizations...

Financial institutions are common targets for attackers because of the amount of money in their control. Access to a user’s sensitive information would allow an attacker to commit identity theft, as well as steal any money associated with the account. Many of...

As the COVID-19 pandemic continues, governments worldwide are providing relief funds for small business owners impacted by lockdowns and closures. This allows attackers to exploit current efforts by the government, particularly since applicants to these funds...

Due to the transition to remote work during the COVID-19 pandemic, corporations have become more concerned about online security and privacy. Companies rely on VPNs to connect remote employees to vital company servers, as well as to provide secure...

Due to recent quarantine restrictions, companies have moved to online collaboration software and cloud-based applications. Despite the benefits of convenience and increased productivity from the use of cloud computing services, user accounts for these services...

It’s common practice for companies to send notification emails with purchase receipts and tracking information, especially for purchases that are on the expensive side. However, for individuals who have not made recent purchases, this can be alarming, as...

Vendor email compromise, in which a compromised vendor sends invoice or payment attacks to their customers, is growing in popularity. An easier to detect method of this attack happens when a vendor is impersonated, rather than compromised. In this attack, the...

We’ve seen an incredible uptick in collaboration software impersonations in the past month as the COVID-19 pandemic has forced people to work at home. Most of these attacks are associated with platforms like Google Workspace and Office 365, which can be...

Cybercriminals recently impersonated the US Navy Federal Credit Union with phishing emails to steal banking credentials.

Abnormal Security recently detected a phishing attempt that impersonated a DocuSign notification to steal user credentials.

Companies have largely transitioned to working from home where they can in response to the current pandemic and are relying on conferencing software such as Cisco WebEx. Attackers are taking advantage of this transition to impersonate collaboration and...