The A to Z of
Email Attacks
An exhaustive catalog of email-based cyber threats, from common phishing attempts to sophisticated state-sponsored attacks. A comprehensive guide for security professionals and executives.
FILTER BY SEVERITY
Select a severity level to filter the threats below
Account Takeover (ATO)
Unauthorized access to email accounts through credential theft, often leading to internal phishing campaigns.
Advance Fee Fraud
Classic "419" scams promising large payouts in exchange for upfront fees or personal information.
Attachment-Based Malware
Malicious files disguised as legitimate documents that install malware when opened.
Business Email Compromise (BEC)
Sophisticated fraud targeting business processes through executive impersonation and vendor spoofing.
Brand Impersonation
Emails mimicking trusted brands to steal credentials or distribute malware.
Bulk Phishing
Mass-distributed phishing emails targeting large numbers of recipients simultaneously.
CEO Fraud
Impersonation of executives to authorize fraudulent wire transfers or data requests.
Credential Harvesting
Phishing attacks designed specifically to steal usernames and passwords.
Clone Phishing
Replication of legitimate emails with malicious links or attachments substituted.
Domain Spoofing
Using similar-looking domains to impersonate legitimate organizations.
Display Name Spoofing
Manipulating sender display names while using different actual email addresses.
Deepfake Voice/Video
AI-generated audio or video content used to support email-based fraud schemes.
Email Bombing
Overwhelming email systems with massive volumes of messages to disrupt operations.
Executive Whaling
Highly targeted phishing attacks specifically aimed at senior executives and decision-makers.
Email Interception
Man-in-the-middle attacks capturing email communications in transit.
Fake Invoice Scams
Fraudulent billing requests designed to trick organizations into making payments.
Financial Fraud
Email-based schemes targeting banking information and financial transactions.
File-less Malware
Malicious code that operates in memory without leaving traditional file traces.
Gift Card Scams
Requests for gift card purchases under false pretenses, often impersonating executives.
Google Docs Phishing
Malicious sharing requests for fake Google Docs to harvest credentials.
Holiday Scams
Seasonal phishing campaigns exploiting holiday themes and shopping behaviors.
HTML Smuggling
Embedding malicious payloads within HTML attachments to bypass security filters.
Identity Theft
Email campaigns designed to steal personal identifying information for fraudulent use.
Internal Phishing
Attacks originating from compromised internal accounts to target other employees.
Job Scams
Fake employment opportunities used to collect personal information or advance fees.
Keylogger Distribution
Email delivery of software designed to capture keystrokes and steal credentials.
Link Manipulation
Disguising malicious URLs to appear legitimate and bypass user scrutiny.
Lottery Scams
Fake lottery winnings notifications requesting fees or personal information.
Mobile Phishing
Phishing attacks specifically designed for mobile email clients and smaller screens.
Malware-as-a-Service
Commercially available malware distributed through email campaigns.
Nigerian Prince Scams
Classic advance fee fraud schemes promising large financial rewards.
Network Reconnaissance
Email-based intelligence gathering about network infrastructure and security.
Office 365 Phishing
Targeted attacks against Microsoft Office 365 users and administrators.
Phishing
Deceptive emails designed to steal credentials, install malware, or commit fraud.
Pharming
Redirecting users from legitimate websites to fraudulent ones through DNS manipulation.
Pretexting
Creating false scenarios to manipulate victims into divulging information.
QR Code Phishing
Malicious QR codes in emails leading to phishing sites or malware downloads.
Ransomware Distribution
Email delivery of ransomware payloads that encrypt systems for financial extortion.
Romance Scams
Long-term relationship building to eventually request money or personal information.
Spear Phishing
Highly targeted phishing attacks using personal information about specific victims.
Supply Chain Attacks
Compromising trusted vendors to attack their customers through email communications.
Social Engineering
Psychological manipulation to trick users into compromising security.
Tax Scams
Impersonating tax authorities to steal personal information or payments.
Tech Support Scams
Fake technical support requests leading to system compromise or fraud.
Typosquatting
Registering domains with common typos of legitimate sites to intercept emails and steal credentials.
URL Shortening Abuse
Using shortened URLs to hide malicious destinations and bypass security filters.
Vendor Email Compromise (VEC)
Compromising supplier email accounts to attack their business partners.
Vishing (Voice Phishing)
Phone calls supporting email-based attacks or gathering information for future attacks.
VIP Impersonation
Impersonating high-profile individuals to gain trust and bypass security measures.
Watering Hole Attacks
Compromising websites frequently visited by target organizations.
Whaling
Sophisticated phishing attacks targeting high-value individuals like executives.
WiFi Phishing
Fake WiFi networks used to intercept email communications and credentials.
XML External Entity (XXE)
Exploiting XML processing vulnerabilities through malicious email attachments.
Year-End Scams
Seasonal fraud campaigns exploiting financial year-end processes and deadlines.
Zero-Day Exploits
Attacks leveraging unknown vulnerabilities before patches are available.
Zero-Click Attacks
Malware delivered via email that executes without any user interaction required.