Callback phishing via Intuit service abuse
Callback phishing via Zelle Service Abuse
Canva infrastructure abuse
Compensation review with QR code in attached EML
Credential phishing: Blue button styled link with file-sharing template artifacts
Credential phishing: Engaging language with IPFS link
Credential phishing: Fake password expiration from new and unsolicited sender
Credential phishing: Financial lure via ActiveCampaign infrastructure
Credential phishing link (unknown sender)
Credential phishing: Suspicious e-sign agreement document notification
Credential Phishing: W-2 lure with inline SVG Windows logo
Credential theft: Gophish abuse with hidden tracking image
CVE-2023-5631 - Roundcube Webmail XSS via crafted SVG
Deceptive Dropbox mention
EML attachment with credential theft language (unknown sender)
Extortion / sextortion (untrusted sender)
Fake message thread - Untrusted sender with a mismatched freemail reply-to address
Fake shipping notification with link to free file hosting
Fake thread with suspicious indicators
Fake voicemail notification (untrusted sender)
Fake Zoho Sign template abuse
Google share notification with suspicious comments
HTML: Bidirectional (BIDI) HTML override with right to left obfuscation
HTML smuggling with atob in message body
Image as content with a link to an open redirect (unsolicited)
Impersonation: Chrome Web Store policy
Impersonation: Fake Gmail attachment
Impersonation: SharePoint reply header anomaly
Impersonation: Social Security Administration (SSA)
Inline image as message with attachment or link
Link: Adobe share with suspicious indicators
Link: Display text with excessive right-to-left mark characters
Link: File sharing pretext with suspicious body and link
Link: Microsoft impersonation using hosted png with suspicious link
Link: PDF and financial display text to free file host
Link: PDF display text with fake copyright claim template
Link: Self-sender with sender org in subject and credential theft indicator
Link: SharePoint OneNote or PDF link with self sender behavior
Link: Suspicious SharePoint document name
Link: Uncommon SharePoint document type with sender's display name
Link: URL scheme obfuscation via split HTML anchors
Link: Zoho form link from unsolicited sender
Microsoft device code phishing
Open redirect (go2.aspx) leading to Microsoft credential phishing
Open Redirect: Google domain with /url path and suspicious indicators
Outlook hyperlink bypass: left-to-right mark (LRM) in base HTML tag
Potential prompt injection attack in body HTML
QR Code with suspicious indicators
Reconnaissance: All recipients cc/bcc'd or undisclosed