Abnormal Attack Repository
Learn about advanced email attacks that are bypassing legacy tools and the next generation tools required to protect today’s email environments.
Title & Description
Date
Type
March 5, 2025
Tax Season Phishing With Fake Zoom Invites
Phishing campaign delivering ScreenConnect bypassing traditional SEGs.
Credential Phishing
February 28, 2025
Fake CVs, Real Threat
Resume-Themed Lures Deliver Remcos RAT via Dropbox
Credential Phishing
February 21, 2025
Hidden in Plain Sight – QR Code Phishing via Embedded MHT
Evading SEGs by embedding MHT files inside of documents.
Credential Phishing
February 14, 2025
ADFS Under Siege: How Attackers Bypass MFA for Account Takeover
By evading SEGs and users, ADFS phishing tactics Lead to compromised accounts.
Credential Phishing
February 6, 2025
Adaptive Phishing: When Whimsical Fails, Lucid Strikes
Pivoting attack delivery to bypass users and SEGs, leading to ATO.
Credential Phishing
January 25, 2025
Phishing by Design: Threat Actors Exploit Figma for Social Engineering
Leveraging design collaboration platforms to bypass traditional SEGs.
Credential Phishing
January 17, 2025
Scams by Appointment: Exploiting Google Calendar Invites
Using calendar invites to bypass SEGs.
Business Email Compromise
January 9, 2025
Un-CODE-ing the Threat: How Punycode Powers the Latest BEC Attacks
Decoding the latest BEC tactic bypassing traditional SEGs.
Business Email Compromise
December 17, 2024
The Bait of Broken Files: Phishing Campaign Using Corrupted Word Docs
Leveraging corrupted attachments to evade SEGs.
Credential Phishing
December 16, 2024
Creative Phishing in the Cloud: Threat Actors Leverage Adobe Services
Financially themed Adobe documents evade traditional SEGs.
Credential Phishing
December 13, 2024
Executive Impersonation: The BEC Hunt for Customer Payment Records
C-suite impersonation used to extract sensitive financial information.
Business Email Compromise
November 29, 2024
Drag-and-Drop-and-Deceive: Build Your Own Phishing Site
Successful Account Takeover (ATO) leading to Lateral Phishing bypassing SEGs.
Credential Phishing
November 22, 2024
Signed and Compromised: Credential Phishing Through Legitimate DocuSign
Leveraging Document Signature Service to Bypass Traditional SEGs
Credential Phishing
November 19, 2024
Zooming In on Phishing: How Shared Documents Reel You In
Credential Phishing Documents Shared Through Zoom Bypass Traditional SEGs
Credential Phishing
November 15, 2024
From Email to Telegram: HTML Smuggling in Action
Dynamic Phishing Interface Rendered Locally Bypassing Microsoft Defender O365
Credential Phishing
October 31, 2024
An Image With a Link That Hooks You Without a Word
Interactive images are being used to evade traditional SEGs by mimicking legitimate messages and sources.
Credential Phishing