Attack Library

Know your enemy.

A living reference of phishing techniques, evasion tactics, and BEC patterns — with plain-English explanations of how each attack works and how Cambrient's agents catch them.

6 attacks

Multi-Hop Redirect Chain (Critical, Evasion): "The threat is never in the first link."
Business Email Compromise (BEC) (Critical, Impersonation): "No malware. No links. Just trust."
Credential Harvesting Page (High, Payload): "A perfect copy of a login page you trust."
QR Code Phishing (Quishing) (High, Evasion): "The link is in the image. Scanners can't see it."
Lookalike Domain Attack (High, Impersonation): "One character off. Impossible to spot at a glance."
Malware via Trusted Send Platform (Medium, Payload): "Sent from a legitimate ESP. Delivered with full trust."

Evasion, Critical

Multi-Hop Redirect Chain

"The threat is never in the first link."

Attackers route victims through 2–5 intermediate domains — often legitimate services like Bit.ly, Firebase, or Cloudflare Pages — before landing on the credential harvester. Each hop looks clean individually. URL reputation checkers never follow the chain.

How the attack works

1. Victim receives email with a Bit.ly link (trusted domain, passes reputation check)
2. Bit.ly redirects to a CDN-hosted tracking pixel on a legitimate-looking domain
3. CDN redirects to a Firebase or Cloudflare Pages host
4. Final destination: fake Microsoft 365 or Outlook login page
5. Credentials harvested and forwarded to attacker in real time

How Cambrient catches this

Cambrient's agents follow every redirect hop, render each page, and evaluate content at each step. The chain terminates when the agent finds a login form that doesn't match the claimed sender.
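The hop-following check described above, sketched as an added example (not Cambrient's code): it walks a chain through HTTP redirects and, going slightly beyond the steps listed, meta-refresh tags, then flags a password form served from a host outside the claimed sender's domain. The hosts, the in-memory SAMPLE_WEB responses and all function names are constructed for illustration; it inspects static HTML only and does not render pages.

```python
import re
from urllib.parse import urljoin, urlsplit

# Constructed responses standing in for live fetches: url -> (status, headers, body).
SAMPLE_WEB = {
    "https://short.example/a1": (302, {"Location": "https://cdn.example/t.gif"}, ""),
    "https://cdn.example/t.gif": (200, {}, '<meta http-equiv="refresh" '
                                  'content="0; url=https://app.pages.example/go">'),
    "https://app.pages.example/go": (301, {"Location": "/login"}, ""),
    "https://app.pages.example/login": (200, {}, '<form method="post">'
                                        '<input type="password" name="pw"></form>'),
}
META_REFRESH = re.compile(
    r'<meta[^>]+http-equiv=["\']?refresh["\']?[^>]*content=["\'][^"\']*url=([^"\'>\s]+)', re.I)
PASSWORD_FIELD = re.compile(r'<input[^>]+type=["\']?password', re.I)

def sample_fetch(url):
    return SAMPLE_WEB.get(url, (404, {}, ""))

def follow_chain(url, fetch, max_hops=10):
    """Visit each hop, following 3xx Location headers and meta-refresh tags."""
    chain, seen = [], set()
    while url and url not in seen and len(chain) < max_hops:  # stop on loops and long chains
        seen.add(url)
        status, headers, body = fetch(url)
        chain.append((url, status, body))
        nxt = headers.get("Location") if 300 <= status < 400 else None
        if nxt is None:
            m = META_REFRESH.search(body)
            nxt = m.group(1) if m else None
        url = urljoin(url, nxt) if nxt else None  # resolve relative redirects
    return chain

def host_matches(host, claimed_domain):
    # Simplified suffix match; production code should use the Public Suffix List.
    host, claimed = (host or "").lower(), claimed_domain.lower()
    return host == claimed or host.endswith("." + claimed)

def assess(start_url, claimed_domain, fetch=sample_fetch):
    """Flag the first hop that serves a password form off the claimed sender's domain."""
    chain = follow_chain(start_url, fetch)
    for url, _status, body in chain:
        host = urlsplit(url).hostname
        if PASSWORD_FIELD.search(body) and not host_matches(host, claimed_domain):
            return {"verdict": "suspicious", "hops": len(chain), "login_host": host}
    return {"verdict": "no-mismatch", "hops": len(chain), "login_host": None}

if __name__ == "__main__":
    print(assess("https://short.example/a1", "microsoft.com"))
```

To run it against live mail, replace sample_fetch with a sandboxed fetcher that returns the same (status, headers, body) tuple and does not follow redirects on its own.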

Real-world example

A phishing campaign targeting HR departments used LinkedIn redirect parameters as the first hop, routing through a legitimate career portal before landing on a fake DocuSign credential harvester. Defender delivered it cleanly.
