Abnormal Blog

Skype is used prolifically in both casual and business settings. As a result of its affiliation with Microsoft, it is a popular choice for attackers to impersonate in order to trick victims into handing over their Microsoft credentials. In these attacks, the sender...

SharePoint is an increasingly popular tool for Microsoft users, especially in a time when millions of employees are working remotely. In this attack, malicious actors make use of an automated message from Sharepoint to send phishing emails. This attack...

Microsoft provides security alerts in the case of fraudulent logins on user accounts. Users are usually able to trust these emails due to the source being from a trusted brand. And because the email relates to account security, the recipient may unconsciously trust...

Microsoft Office offers one-time purchase and subscription plans and has numerous official resellers for its products. Scammers use this fact as an opportunity to impersonate Microsoft and their resellers in order to steal sensitive user data, as well as for...

Office 365 and its associated apps (Excel, PowerPoint, Word, and Outlook) are an integral business tool for many organizations. Hackers consistently target the Microsoft accounts of employees, as these accounts are linked to a treasure trove of...

SurveyMonkey is a survey service that is normally used to host legitimate surveys. However, sometimes attackers will utilize file sharing and surveying sites like SurveyMonkey to host redirect links to a phishing webpage. By using these legitimate services...

Social media access can provide a lens into other parts of a person's life, making Facebook and Twitter unique when it comes to credential phishing campaigns. In this attack, cybercriminals targeted a specific individual who works at an organization that heavily...

Abnormal Security has observed attackers impersonating major social media platforms like Instagram, Facebook, and Twitter to steal the login credentials of employees at enterprise organizations. In the past two months, we have seen a 60% increase for several organizations...

Financial institutions are common targets for attackers because of the amount of money in their control. Access to a user’s sensitive information would allow an attacker to commit identity theft, as well as steal any money associated with the account. Many of...

Cyber threats are constantly evolving. Cybersecurity teams are most effective when they deploy defenses that protect against the threats that pose the greatest risk at any given time. Socially-engineered attacks—one of the most financially damaging threats...

As the COVID-19 pandemic continues, governments worldwide are providing relief funds for small business owners impacted by lockdowns and closures. This allows attackers to exploit current efforts by the government, particularly since applicants to these funds...

Due to the transition to remote work during the COVID-19 pandemic, corporations have become more concerned about online security and privacy. Companies rely on VPNs to connect remote employees to vital company servers, as well as to provide secure...

Due to recent quarantine restrictions, companies have moved to online collaboration software and cloud-based applications. Despite the benefits of convenience and increased productivity from the use of cloud computing services, user accounts for these services...

It’s common practice for companies to send notification emails with purchase receipts and tracking information, especially for purchases that are on the expensive side. However, for individuals who have not made recent purchases, this can be alarming, as...

Vendor email compromise, in which a compromised vendor sends invoice or payment attacks to their customers, is growing in popularity. An easier to detect method of this attack happens when a vendor is impersonated, rather than compromised. In this attack, the...

We’ve seen an incredible uptick in collaboration software impersonations in the past month as the COVID-19 pandemic has forced people to work at home. Most of these attacks are associated with platforms like Google Workspace and Office 365, which can be...

Cybercriminals recently impersonated the US Navy Federal Credit Union with phishing emails to steal banking credentials.

Abnormal Security recently detected a phishing attempt that impersonated a DocuSign notification to steal user credentials.

Companies have largely transitioned to working from home where they can in response to the current pandemic and are relying on conferencing software such as Cisco WebEx. Attackers are taking advantage of this transition to impersonate collaboration and...

We caught a recent phishing attack through a fake Microsoft Teams email designed to steal Office 365 login credentials.

The work landscape is changing as employees move to working remotely because of COVID-19 shelter-in-place orders. As a result, people are switching from in-person meetings to online video conferencing software such as Zoom. In this attack, attackers pose as a...