Unique Email Attacks of the Week: January 29, 2023

Abnormal Intelligence provides unique insights about today’s modern email attacks so you can best prepare your organization. Here are six attacks that we observed over the last week.

Fake Billing Scam Leverages Look-alike Domain to Send Fraudulent $1,000,000 Invoice

Using a look-alike domain, an attacker impersonates a vendor and sends a remittance request for a fake invoice totaling nearly $1,000,000. Read more.

Attacker Provides Bogus Contact Info to Boost Credibility in Fake Loan Offer Scam Targeting Students

After spoofing a legitimate email address, a threat actor sends university students a fraudulent offer for loan services and includes seemingly accurate contact information. Read more.

Disney Impersonator Creates Multi-Stage Vishing and Fake Billing Scam Attack Using Personalized Attachments

An attacker uses a look-alike domain and Disney branding to trick a target into calling a fake customer service phone number related to a new Disney subscription. Read more.

DHL Impersonator Spoofs Legitimate Domain to Send Fake Failed Shipment Notification in Phishing Attack

An attacker attempts to steal sensitive information by encouraging the recipient to use a masked phishing link to update their shipping address for a pending delivery. Read more.

University HR Admin Impersonator Uses QR Code and Fake Microsoft Login Page in Credential Theft Attempt

Using official-sounding language, university branding, and a believable premise, an attacker attempts to steal sensitive information. Read more.

Attacker Compromises Legitimate Account and Embeds Phishing Link in Fake QuickBooks Payment Notification

Using a compromised email address, the threat actor sends a purposefully vague payment confirmation with an embedded phishing link. Read more.

For more unique attacks, visit the Attack Library 

For more attack insights and threat research, visit Abnormal Intelligence