Phishing Database: Real Email Phishing Attack Examples & Threats
Define your search below to see the real threats that are evading email gateways.
See How Your SEG is Performing →
Filter by SEG
SEG
Tactic
Theme
ENVIRONMENTS: Microsoft Defender for O365
TYPE: QakBot
POSTED ON: 12/14/2022
TACTIC: HTML Attachment
THEME: Notification
PHISHING EXAMPLE DESCRIPTION: Notification-themed emails found in environments protected by Microsoft ATP deliver a password protected .zip archive via an attached HTML file. The archive contains an .img file which contain a QakBot .dll and a .lnk file which is used to run the .dll.
ENVIRONMENTS: Mimecast
TYPE: Credential Phishing
POSTED ON: 12/13/2022
TACTIC: Link
THEME: Notification
PHISHING EXAMPLE DESCRIPTION: Notification-themed emails found in environments protected by Mimecast deliver Credential Phishing via an embedded link.
ENVIRONMENTS: Microsoft Defender for O365
TYPE: Credential Phishing
POSTED ON: 12/13/2022
TACTIC: Link
THEME: Notification
PHISHING EXAMPLE DESCRIPTION: Notification-themed emails found in environments protected by Microsoft ATP and Symantec MessageLabs deliver Credential Phishing via an embedded link.
ENVIRONMENTS: Symantec MessageLabs
TYPE: Credential Phishing
POSTED ON: 12/13/2022
TACTIC: Link
THEME: Notification
PHISHING EXAMPLE DESCRIPTION: Notification-themed emails found in environments protected by Microsoft ATP and Symantec MessageLabs deliver Credential Phishing via an embedded link.
ENVIRONMENTS: Proofpoint
TYPE: Credential Phishing
POSTED ON: 12/12/2022
TACTIC: HTML Attachment
THEME: Finance
PHISHING EXAMPLE DESCRIPTION: Finance-themed emails found in environments protected by Proofpoint deliver Credential Phishing via an HTML attachment.
ENVIRONMENTS: Microsoft Defender for O365
TYPE: Credential Phishing
POSTED ON: 12/09/2022
TACTIC: XLSX Attachment
THEME: Finance
PHISHING EXAMPLE DESCRIPTION: Finance-themed emails found in environments protected by Microsoft ATP deliver Credential Phishing via an attached Office Document. The Office Document contains a URL which leads to a Credential Phishing website.
ENVIRONMENTS: Cisco Ironport
TYPE: Credential Phishing
POSTED ON: 12/08/2022
TACTIC: Link
THEME: DKB-spoofing emails
PHISHING EXAMPLE DESCRIPTION: DKB-spoofing emails found in environments protected by Proofpoint and Cisco Ironport deliver Credential Phishing via an embedded URL.
ENVIRONMENTS: Proofpoint
TYPE: Credential Phishing
POSTED ON: 12/08/2022
TACTIC: Link
THEME: DKB-spoofing emails
PHISHING EXAMPLE DESCRIPTION: DKB-spoofing emails found in environments protected by Proofpoint and Cisco Ironport deliver Credential Phishing via an embedded URL.
ENVIRONMENTS: Microsoft Defender for O365
TYPE: FormBook
POSTED ON: 12/07/2022
TACTIC: DOCX Attachment
THEME: Request
PHISHING EXAMPLE DESCRIPTION: Request-themed emails deliver a .one OneNote file containing a WSF file with a reversed file name. The WSF file downloads FormBook and a decoy .one file.
ENVIRONMENTS: Microsoft Defender for O365
TYPE: Credential Phishing
POSTED ON: 12/06/2022
TACTIC: HTML Attachment
THEME: Finance
PHISHING EXAMPLE DESCRIPTION: Finance-themed emails found in environments protected by Microsoft ATP and Symantec MessageLabs deliver Credential Phishing embedded in attached HTML files.
ENVIRONMENTS: Symantec MessageLabs
TYPE: Credential Phishing
POSTED ON: 12/06/2022
TACTIC: HTML Attachment
THEME: Finance
PHISHING EXAMPLE DESCRIPTION: Finance-themed emails found in environments protected by Microsoft ATP and Symantec MessageLabs deliver Credential Phishing embedded in attached HTML files.
ENVIRONMENTS: Microsoft Defender for O365
TYPE: BEC
POSTED ON: 12/06/2022
TACTIC: BEC
THEME: Part time job-themed email
PHISHING EXAMPLE DESCRIPTION: Part time job-themed emails found in environments protected by Microsoft ATP deliver BEC. Specifically, the emails are likely seeking collaborators for a reshipping scam.
ENVIRONMENTS: Microsoft Defender for O365
TYPE: BEC
POSTED ON: 12/05/2022
TACTIC: BEC
THEME: Finance
PHISHING EXAMPLE DESCRIPTION: Finance-themed emails found in environments protected by Mimecast and Microsoft ATP deliver BEC.
ENVIRONMENTS: Mimecast
TYPE: BEC
POSTED ON: 12/05/2022
TACTIC: BEC
THEME: Finance
PHISHING EXAMPLE DESCRIPTION: Finance-themed emails found in environments protected by Mimecast and Microsoft ATP deliver BEC.
ENVIRONMENTS: Proofpoint
TYPE: Credential Phishing
POSTED ON: 12/05/2022
TACTIC: HTML Attachment
THEME: Finance
PHISHING EXAMPLE DESCRIPTION: Finance-themed emails found in environments protected by Proofpoint and Symantec MessageLabs deliver Credential Phishing embedded in attached HTML files.
ENVIRONMENTS: Symantec MessageLabs
TYPE: Credential Phishing
POSTED ON: 12/05/2022
TACTIC: HTML Attachment
THEME: Finance
PHISHING EXAMPLE DESCRIPTION: Finance-themed emails found in environments protected by Proofpoint and Symantec MessageLabs deliver Credential Phishing embedded in attached HTML files.
ENVIRONMENTS: Microsoft Defender for O365
TYPE: Credential Phishing
POSTED ON: 12/05/2022
TACTIC: HTML Attachment
THEME: Finance
PHISHING EXAMPLE DESCRIPTION: Finance-themed emails found in environments protected by Microsoft ATP and Cisco Ironport deliver Credential Phishing embedded in an attached HTML file.
ENVIRONMENTS: Cisco Ironport
TYPE: Credential Phishing
POSTED ON: 12/05/2022
TACTIC: HTML Attachment
THEME: Finance
PHISHING EXAMPLE DESCRIPTION: Finance-themed emails found in environments protected by Microsoft ATP and Cisco Ironport deliver Credential Phishing embedded in an attached HTML file.
ENVIRONMENTS: Microsoft Defender for O365
TYPE: Credential Phishing
POSTED ON: 12/05/2022
TACTIC: SHTML Attachment
THEME: Benefits
PHISHING EXAMPLE DESCRIPTION: Benefits-themed found in environments protected by Proofpoint, Microsoft ATP, and Symantec MessageLabs emails deliver Credential Phishing embedded in attached HTML files
ENVIRONMENTS: Proofpoint
TYPE: Credential Phishing
POSTED ON: 12/05/2022
TACTIC: SHTML Attachment
THEME: Benefits
PHISHING EXAMPLE DESCRIPTION: Benefits-themed found in environments protected by Proofpoint, Microsoft ATP, and Symantec MessageLabs emails deliver Credential Phishing embedded in attached HTML files
ENVIRONMENTS: Symantec MessageLabs
TYPE: Credential Phishing
POSTED ON: 12/05/2022
TACTIC: SHTML Attachment
THEME: Benefits
PHISHING EXAMPLE DESCRIPTION: Benefits-themed found in environments protected by Proofpoint, Microsoft ATP, and Symantec MessageLabs emails deliver Credential Phishing embedded in attached HTML files
ENVIRONMENTS: Proofpoint
TYPE: Credential Phishing
POSTED ON: 12/02/2022
TACTIC: HTML Attachment
THEME: Finance
PHISHING EXAMPLE DESCRIPTION: Finance-themed emails found in environments protected by Proofpoint and Microsoft ATP deliver Credential Phishing embedded in an attached HTML file.
ENVIRONMENTS: Microsoft Defender for O365
TYPE: Credential Phishing
POSTED ON: 12/02/2022
TACTIC: HTML Attachment
THEME: Finance
PHISHING EXAMPLE DESCRIPTION: Finance-themed emails found in environments protected by Proofpoint and Microsoft ATP deliver Credential Phishing embedded in an attached HTML file.
ENVIRONMENTS: Microsoft Defender for O365
TYPE: Credential Phishing
POSTED ON: 12/02/2022
TACTIC: Link
THEME: Notification
PHISHING EXAMPLE DESCRIPTION: Notification-themed emails found in environments protected by Microsoft ATP deliver Credential Phishing via an embedded URL.
ENVIRONMENTS: Cisco Ironport
TYPE: Async RAT
POSTED ON: 12/01/2022
TACTIC: PDF Attachment
THEME: Finance
PHISHING EXAMPLE DESCRIPTION: Finance-themed emails found in environments protected by Microsoft ATP and Cisco Ironport deliver attached PDF files with links to download password protected archives. The archives contain Async RAT.
A phishing attack is when a fraudster sends an email to trick the recipient. The idea is to persuade the target into giving up sensitive information, for instance, your corporate network credentials, or perhaps to authorize some type of financial transaction. The vast majority of data breaches against businesses today begin as phishing attacks.
Just a couple of famous phishing examples:
The infamous Target breach back in 2013 started with a phishing email that gave attackers a foothold in Target’s business systems for further attacks.
Phishing appeared prominently in the Mueller Report on the 2016 presidential election hacking.
Some quick phishing statistics:
Over 55% organizations experienced a successful phish last year.
$12 billion is the 5-year global cost of just one type of phishing attack, business email compromise (BEC).
The average phishing attack costs a mid-sized business $3.86 million.
Our database has thousands of phishing examples, but most fit into one of these 3 categories:
Phishing Emails with Malicious Links: Sometimes a phishing attack is simply an email with an embedded link. When you click, you either unknowingly activate malware or are directed to a webpage that looks perfectly legitimate but is designed to harvest your information.
Phishing Attacks with Malicious Attachments: Phishing attackers often send emails with attachments containing malware. When you click, look out. Many times phishing attackers use popular document types such as Microsoft Word or Excel or even Adobe PDFs. They take advantage of the trust people place in popular business tools.
Business Email Compromise (BEC): BEC emails, also known as CEO Fraud, typically don’t use malware but simply try to manipulate the target into sending money. Traditionally, BEC phishing attacks try to get employees in the finance department to authorize wire transfers, for instance, to a “vendor” or “partner.” This kind of attack often uses ‘CEO fraud phishing’ where attackers pretend to be the CEO or CFO to spur quick action.
Phishing attack examples of real phish provide highly useful intelligence that helps security teams better pinpoint attacker methods and tactics. They help protect businesses from malware-bearing phish. Because attacker campaigns change quickly, real-world phishing examples are a central component of comprehensive security. Phishing attack examples reveal the latest threat actor maneuvers as they are being launched.
All third-party trademarks referenced by Cofense whether in logo form, name form or product form, or otherwise, remain the property of their respective holders, and use of these trademarks in no way indicates any relationship between Cofense and the holders of the trademarks.