Fake scan-to-email message
Fake shipping notification with link to free file hosting
Fake thread with suspicious indicators
Fake voicemail notification (untrusted sender)
Fake warning banner using confusable characters
Fake Zoho Sign template abuse
Fake Zoom meeting invite with suspicious link
File sharing link with a suspicious subject
Fraudulent e-commerce operators
Fraudulent order confirmation/shipping notification from Chinese sender domain
Free email provider sender with mismatched provider reply-to
Free subdomain link with login or captcha (untrusted sender)
Generic service abuse from newly registered domain
Google Drive direct download link from unsolicited sender
Google Notification alert link from non-Google sender
Google presentation open redirect phishing
Hardbacon infrastructure abuse
Headers: Fake in-reply-to with wildcard sender and missing thread context
Headers: Invalid recipient domain with mismatched reply-to from new sender
Headers: System account impersonation with empty sender address
Honorific greeting BEC attempt with sender and reply-to mismatch
HR impersonation via e-sign agreement comment
HTML: Bidirectional (BIDI) HTML override with right to left obfuscation
Image as content with a link to an open redirect (unsolicited)
Impersonation: Executive using numbered local part
Impersonation: Human Resources with link or attachment and engaging language
Impersonation: Internal corporate services
Impersonation: Legal firm with copyright infringement notice
Impersonation: Recipient organization in sender display name with credential theft image
Impersonation: Salesforce fake campaign failure notification
Impersonation: SharePoint reply header anomaly
Impersonation: Social Security Administration (SSA)
Impersonation: Suspected supplier impersonation with suspicious content
Impersonation using recipient domain (untrusted sender)
Inbound message from popular service via newly observed distribution list
Invoicera infrastructure abuse
Issuu document with suspicious embedded link
Job scam (unsolicited sender)
Job scam with specific salary pattern
Link abuse: Self-service creation platform link with suspicious recipient behavior
Link: Apple App Store malicious ad manager themed apps from free email provider
Link: Base64 encoded recipient address in URL fragment with subject hash
Link: Blogspot hosting explicit romance content
Link: Breely link masquerading as PDF
Link: chatbot.page platform abuse
Link: Cloud service with credential theft language
Link: Credential phishing traversing Russian infrastructure
Link: Credential phishing via WordPress
Link: Credential theft with invisible Unicode character in page title from unsolicited sender
Link: Cryptocurrency fraud with suspicious links