Extended Spoofed Display Name
Matching Malicious Domain Username
Personalized Email Subject
Maliciously Registered Domain
Extended Spoofed Display Name
No items found.
No items found.
Back to All Attacks
Attack Details
Attack Date:
May 16, 2022

Employee Impersonation Payroll Diversion BEC Attack

Initial Email Content

Subject
Hello [Recipient Name]
Body

Hi [Recipient First Name],


I am closing my current account and I would like to make changes to my

Direct Deposit information with my new Bank account.


Can the changes be in effect before the current pay date?


Best Regards,


[Impersonated Employee Name]


Sent from my iPhone

Attack Screenshots

No items found.
No items found.

Malicious Artifacts

Additional Indicators of Compromise

Type

Description

No items found.

Attack Description

This text-based BEC attack impersonates an employee using an extended spoofed display name, a matching malicious domain username, a personalized email subject, and a maliciously registered domain to divert payroll deposits to a fraudulent account.

Analysis Overview

Type
Business Email Compromise
Tactic
Extended Spoofed Display Name
Matching Malicious Domain Username
Personalized Email Subject
Maliciously Registered Domain
Goal
Payroll Diversion
Impersonated Party
Employee - Other
Vector
Text-based
Theme
No items found.
Language