Abnormal Blog

Cyber threats are constantly evolving. Cybersecurity teams are most effective when they deploy defenses that protect against the threats that pose the greatest risk at any given time. Socially-engineered attacks—one of the most financially damaging threats...

As the COVID-19 pandemic continues, governments worldwide are providing relief funds for small business owners impacted by lockdowns and closures. This allows attackers to exploit current efforts by the government, particularly since applicants to these funds...

Due to the transition to remote work during the COVID-19 pandemic, corporations have become more concerned about online security and privacy. Companies rely on VPNs to connect remote employees to vital company servers, as well as to provide secure...

Due to recent quarantine restrictions, companies have moved to online collaboration software and cloud-based applications. Despite the benefits of convenience and increased productivity from the use of cloud computing services, user accounts for these services...

It’s common practice for companies to send notification emails with purchase receipts and tracking information, especially for purchases that are on the expensive side. However, for individuals who have not made recent purchases, this can be alarming, as...

Vendor email compromise, in which a compromised vendor sends invoice or payment attacks to their customers, is growing in popularity. An easier to detect method of this attack happens when a vendor is impersonated, rather than compromised. In this attack, the...

We’ve seen an incredible uptick in collaboration software impersonations in the past month as the COVID-19 pandemic has forced people to work at home. Most of these attacks are associated with platforms like Google Workspace and Office 365, which can be...

Cybercriminals recently impersonated the US Navy Federal Credit Union with phishing emails to steal banking credentials.

Abnormal Security recently detected a phishing attempt that impersonated a DocuSign notification to steal user credentials.

Companies have largely transitioned to working from home where they can in response to the current pandemic and are relying on conferencing software such as Cisco WebEx. Attackers are taking advantage of this transition to impersonate collaboration and...

We caught a recent phishing attack through a fake Microsoft Teams email designed to steal Office 365 login credentials.

The work landscape is changing as employees move to working remotely because of COVID-19 shelter-in-place orders. As a result, people are switching from in-person meetings to online video conferencing software such as Zoom. In this attack, attackers pose as a...

Cybercriminals are leveraging the uncertainty around the spread of COVID-19 as everyone focuses more on safety and security during these times. As markets crash, the attacker knows that people will look to p...

As the world is stuck inside, shipping items has increased and cybercriminals are taking notice. In a recent scam, attackers created an email to impersonate DHL and claimed that a package intended for the re...

Credential phishing attacks are not new, and impersonating Microsoft is well-known at this point. However, this attack is unique because the attacker was not simply asking for email credentials. Instead, the...

Executive impersonation is one of the most prevalent forms of business email compromise because it is typically easy to do. The attacker only needs to know the name and job type of a high-profile executive, ...