Invitation To Bid Farewell Your Credentials
Financial lures imitate Box to steal logins and bypass SEGs.

What is the attack?
Phishing Delivery: A phishing email impersonates a formal Request for Proposal (RFP), inviting the target to bid on a project. The email includes a preview link labeled as a PDF attachment, which leads to a Box-themed decoy page, eventually redirecting to a fake Microsoft login page for credential harvesting.
Why did it get through?
Verified Source: Email sent from a domain passing sender authentication checks.
Box-Themed Spoof: The attacker mimicked Box’s login flow, but hosted the phishing content on a high-reputation domain that previously served legitimate content.
URL Crawling/Analysis Protection: The added CAPTCHA limits automated link crawling and URL analysis, making automated detection more difficult.
What is required to solve for this attack?
Behavioral Analysis: Abnormal’s Behavioral AI flags never-before-seen senders, unusual email content, and URLs as anomalies that enable the detection of novel attacks.
Content Analysis and Natural Language Processing: Abnormal understands the email's content, recognizing the urgency and financial implications as indicators of a financially themed attack.