Unique Email Attacks of the Week: March 4, 2024

Abnormal Intelligence provides unique insights about today’s modern email attacks so you can best prepare your organization. Here are six attacks we observed over the last month.?

Likely AI-Generated United Nations Impersonator Attempts Credential Vishing Using $3.5 Million Payout as Lure

In a modern twist on the classic “Nigerian Prince” scam, an attacker poses as a UN employee to establish trust and compel the target to contact them via the provided phone number. Read more

Attacker Poses as Company Executive and Attempts to Establish Trust to Exploit for Future Financial Crimes

By discussing sensitive topics and establishing a rapport, an attacker hopes to convince a target to comply with fraudulent requests in the future. Read more

Attacker Uses Spoofed Domain to Send Fake Voicemail Notification Linked to Phishing Page

An attacker mimics a voice messaging service to lure a target to enter login credentials on a counterfeit landing page. Read more

Threat Actor Sends Fake DocuSign Notification of Payroll and Benefits Update in QR Code Phishing Attack

An attacker attempts credential theft via a PDF attachment with DocuSign branding containing a QR code linked to a phishing site impersonating a Microsoft login page. Read more

Vendor Impersonator Uses Cleverly-Designed Fake Microsoft Excel Spreadsheet to Attempt Credential Theft

After spoofing a legitimate domain, an attacker uses a fake password-protected financial document to steal sensitive information. Read more

Threat Actor Impersonates Santander Consumer Bank in Credential Phishing Attack

An attacker poses as a bank representative and creates a sense of urgency regarding the target’s credit card to compel them to click an embedded phishing link. Read more

For more unique attacks, visit the Attack Library

For more attack insights and threat research, visit Abnormal Intelligence