Attachment: Calendar invite with suspicious link leading to an open redirect
Attachment: Callback phishing solicitation via image file
Attachment: Callback phishing solicitation via pdf file
Attachment: PDF file with link to fake Bitcoin exchange
BEC/Fraud: Job scam fake thread or plaintext pivot to freemail
BEC/Fraud: Scam lure with freemail pivot
BEC/Fraud: Student loan callback phishing
BEC/Fraud: Urgent language and suspicious sending/infrastructure patterns
BEC with unusual reply-to or return-path mismatch
Brand impersonation: Hulu
Brand impersonation: KnowBe4
Brand impersonation: Norton
Brand impersonation: SiriusXM
Brand impersonation: Zoom via lookalike domain
Business Email Compromise (BEC) attempt with masked recipients and reply-to mismatch (unsolicited)
Callback phishing: AOL senders with suspicious HTML template or PDF attachment
Callback phishing: Social Security Administration fraud
Callback phishing solicitation in message body
Callback phishing via e-signature service
Callback phishing via Google Group abuse
Callback phishing via Intuit service abuse
Callback phishing via Zoho service abuse
Canva infrastructure abuse
ClickFunnels link infrastructure abuse
Constant Contact link infrastructure abuse
COVID-19 themed fraud with sender and reply-to mismatch or compensation award
Credential phishing: Engaging language and other indicators (untrusted sender)
Credential phishing language and suspicious indicators (unknown sender)
Domain impersonation: Freemail reply-to local lookalike with financial request
Employee impersonation: Payroll fraud
Extortion / Sextortion - PDF attachment leveraging breach data from freemail sender
Fake message thread - Untrusted sender with a mismatched freemail reply-to address
Free email provider sender with mismatched provider reply-to
Google services using g.co shortlinks
Honorific greeting BEC attempt with sender and reply-to mismatch
Impersonation: Chrome Web Store policy
Impersonation: Executive using numbered local part
Impersonation: Suspected supplier impersonation with suspicious content
Link abuse: Self-service creation platform link with suspicious recipient behavior
Link: Apple App Store malicious ad manager themed apps from free email provider
Link: Apple TestFlight from free email provider
Link: Google Calendar invite linking to an open redirect from an untrusted freemail sender
Link: Invoice or receipt from freemail sender with customer service number
Link: Multistage landing - Abused Google Drive
Link: PDF and financial display text to free file host
Mass campaign: Cross Site Scripting (XSS) attempt
Message traversed multiple onmicrosoft.com tenants
Reconnaissance: Email address harvesting attempt