Unique Email Attacks of the Week: September 4, 2023
Abnormal Intelligence provides unique insights about today’s modern email attacks so you can best prepare your organization. Here are eight attacks that we observed over the last week.?
Featured Attack
Multi-Layer Payment Fraud Attack Attempts Redirect of $13.5 Million Invoice
Abnormal recently detected a multi-layered fake billing scam attack that begins with a compromised email account of Triumph Construction NY, a construction company involved with large infrastructure projects in New York City. After the attacker gains context from prior communications regarding a large project and invoice, they create a look-alike domain, "triumphcontructionny.com ," and ask for payment updates on a massive $13.5 million invoice, CCing several different recipients to stay connected to the thread.?
To further camouflage their malicious activity, the attacker strategically copies and pastes prior communications into the thread, and removes the authentic domain from the sender field in the header of the email. When one of the recipients replies to the thread, the attacker responds to continue building credibility, referencing prior communications and the hefty invoice in further replies.
TSB Bank Impersonator Uses Look-alike Domain in Likely AI-Generated Credential Phishing Attack
An attacker utilizes an unregistered look-alike domain as a mask to impersonate TSB Bank and steal sensitive information.
BEC Attack Impersonates HR Manager To Request Updated Payment Details for $1 Million Invoice
An attacker gains access to an Evolution Digital domain and attempts payment fraud by attaching a significant invoice and requesting new payment details.
Netflix Impersonator Likely Utilizes Generative AI in Credential Phishing Attack
An attacker takes control of a legitimate domain to impersonate Netflix customer support in a credential theft attempt.
领英推荐
Attacker Takes Over Established Domain in Likely AI-Generated Credential Phishing
An attacker breaks into an 21-year-old email account and links to a malicious IPFS gateway to steal sensitive information.
Likely AI-Generated Metlife Advisor Impersonator Attempts Financial Services Scam
An attacker uses social engineering techniques to build trust with a recipient before likely stealing sensitive information and money.
Fake Billing Scam Attempts Payment Fraud for $114,000 with New Banking Details
An attacker impersonates an accountant using a free webmail account to request payment of a $114,000 invoice.
Amazon Spoofer Attempts Credential Phishing with Look-alike Domain
Using friendly language and a hidden malicious link, an attacker impersonates Amazon to steal sensitive information.
For more unique attacks, visit the Attack Library ?
For more attack insights and threat research, visit Abnormal Intelligence