Attack spotlight

You’ve been invited to join a Meta for Business scam!

Salesforce infrastructure abuse: Stopping email scams and spam sent via SFDC

ICS phishing: Stopping a surge of malicious calendar invites

Direct Send abuse on Microsoft 365: Just another failed authentication

Facebook credential phishing with job scams impersonating well-known companies

Google Careers impersonation credential phishing scam with endless variation

UK Home Office visa & immigration scam targets Sponsor Management System accounts

Impersonated Evite and Punchbowl invitations used for credential phishing and malware distribution

Fake Meta Ads Manager in App Store and TestFlight used to phish Meta ad accounts

Callback phishing with online appointment abuse and distribution lists

Multi-RMM attack: Splashtop Streamer and Atera payloads delivered via Discord CDN link

Phishing for Xfinity credentials with malicious Zoom Docs

Living Off Trusted Sites: Zoom service abuse to deliver credential phishing attack

Using the X/Twitter link shortener (t.co) to hide an AITM credential phishing payload

AITM phishing with Russian infrastructure and detection evasion from a lapsed domain

Detecting an email-based ClickFix attack that delivers DCRat malware payload

ScreenConnect as malware via Canva abuse and Docusign impersonation

Figma abuse from compromised vendor used in credential theft attack

$500K financial fraud built on BEC, a domain lookalike, and a fake thread

Who are you trying to April Fool with that email scam?

Tycoon 2FA credential phishing with cloned internal employee login

Microsoft OAuth URL used as redirect to AITM credential phishing site

Seeing both sides of a service abuse financial fraud using YOPmail disposable messages

Base64-encoding an SVG attack within an iframe and hiding it all in an EML attachment

Scripting Vector Grifts: SVG phishing with smuggled JS and adversary in the middle tactics

Tax season email attacks: AdWind RATs and Tycoon 2FA phishing kits

Credential phishing Charles Schwab account holders with 2FA bypass

Hiding a $50,000 BEC financial fraud in a fake email thread

Callback phishing via invoice abuse and distribution list relays

B2B freight-forwarding scams on the rise to evade financial fraud crackdowns

Talking phish over turkey

Hidden credential phishing within EML attachments

Living Off the Land: Credential Phishing via Docusign abuse

Living Off the Land: Callback Phishing via Docusign comment

Adversarial ML: Extortion via LLM Manipulation Tactics

Payroll Fraud via LLM-Generated Emails

Abusing Discord to deliver Agent Tesla malware

Fake invoice used to conduct $16,800 BEC attempt

Detecting Credential Phishing using Deep Learning + MQL