Abnormal Blog

At Abnormal Security, we’re constantly exploring opportunities to improve our customer’s user experience. In this blog post, we’d like to share Abnormal’s process to design a framework to identify gaps and improve customer’s first-time user experience to onboard our platform.

Abnormal Security prides itself on its differentiated technology and superior efficacy when it comes to stopping advanced email attacks. Despite the overwhelming effectiveness of our platform, like all advanced AI systems...

In this attack, attackers impersonate a company's Human Resources department and send a COVID-19 scan via a lookalike Microsoft Office 365 email. The original message to the recipient appears to originate from the company’s internal human resources email address.

This January, I joined Abnormal Security as a new grad Software Engineer. As you might expect in the midst of the COVID-19 pandemic, the onboarding process was entirely remote. Prior to graduating from MIT with my BS in Electrical Engineering and Computer Science, I had interned...

When attempting to gain credentials to a Google account, the best brand to impersonate is likely Google. In this account, threat actors sent an urgent account message to trick recipients into inputting their Google credentials, hoping to trick...

The prolific attack on SolarWinds and their partner ecosystem will forever change how we view supply chain security and the role email communication plays in it. As the events and details surrounding the attack continue to unfold, we have learned from the company itself...

The primary value that Abnormal brings to email security is an advanced, ML-based detection system that can extract and analyze thousands of signals, identify patterns, and adapt over time to detect important attacks–without relying exclusively on threat intel or...

At the core of all Abnormal’s detection products sits a sophisticated web of prediction models. For any of these models to function, we need deep and thoughtfully engineered features, careful modeling of sub-problems, and the ability to join data from a set of databases. For example, one type of email attack...

In a recent attack uncovered by Abnormal Security, the attacker impersonates LinkedIn to send a malicious attachment that could lead to identity theft. Once the attachment is opened, the victim is asked to put in personal identifying information, including their social security number.

Abnormal Security recently detected two new types of attacks where scammers are targeting victims by redirecting their own Microsoft 365 out-of-office replies as well as read receipts back to them. These tactics indicate attackers are using every available tool and loophole...

At Abnormal, the problems we are trying to solve are not that much different from those being tackled by other organizations, including large enterprises. What is unique to startups are the additional constraints placed on the solution space, such as the amount...

PayPal is a well-known money transfer application, used often between friends and family as well as for small businesses. Because PayPal accounts are often linked to credit cards and bank accounts, the company itself is a commonly impersonated brand from attackers...

Because they contain the keys to the financial kingdom and allow attackers direct access to money, banks tend to be some of the most impersonated organizations. In this attack, attackers mimic an automated notification from BB&T in order to steal recipients' online banking...

Attackers impersonated USPS while sending out phishing emails designed to steal payment credentials.

Cybercriminals attempted a phishing scam to access cryptocurrency wallets by impersonating Ledger.

Scammers impersonated the Department of Labor and offered supposed relief funds to phish sensitive and identifying information.

Facebook phishing attacks are popular because users tend to use the same email address and password for other sites. In this attack, the cybercriminal impersonates Facebook to send out a phishing attack using a legitimate Facebook link.

For SOC analysts, managing an employee-reported phishing mailbox can be a double-edged sword. On one hand, legacy tools have made it easy for employees to report would-be business email compromise (BEC) and credential phishing emails. On the other hand...

Although tax season has passed, IRS impersonation scams persist, putting many Americans at risk for identity theft and payment fraud. In this attack, scammers impersonate the IRS by sending out a fake tax form to collect valuable personal and financial information.

Threat researchers at Abnormal Security recently discovered a coordinated spear-phishing campaign targeting numerous enterprise organizations. The attackers compromised hundreds of legitimate accounts and are sending emails...

Quickbooks is popular accounting software that also supports the management of essential business functions such as payroll, billing, and invoicing. Its widespread use, especially among small businesses, has made it a target for impersonation...

With many employees forced to work from home because of COVID-19, cybercriminals can take advantage of the fear and uncertainty caused by the pandemic. This attack features a new phishing scheme around returning to the office. Despite (or perhaps because of) the rise in COVID-19...

On October 21st, 2020, just two weeks before the US general election, many voters in Florida received threatening emails purportedly from the “Proud Boys." These attacks often included some personal information like an address or phone number, threatened violence...

At Abnormal Security, one of our key objectives is to build a detection engine that can continuously adapt to a changing attack landscape. As such, we want to ensure that our systems can rapidly adjust to recent and high-value messages—even with...