Maliciously Registered Domain
Spoofed Display Name
Maliciously Registered Domain
COVID-19
Community Service
COVID-19
Back to All Attacks
Attack Details
Attack Date:
May 20, 2022

Executive Impersonation COVID-19 Community Service Gift Card Request BEC Attack

Initial Email Content

Subject
[Target Company Name]
Body

Hi [Recipient First Name],


Are you available at the moment? I am out of the State now and I need your assistance to handle a little project. I would have called your phone but I presently do not have access to my mobile phone. Can you please handle this for me on behalf of the association? [Target Company Name] is requesting gift card donations to assist Veterans at hospice care welfare with patients who have been negatively affected by the impact of the COVID-19 pandemic. Every gift helps provide resources that will help stabilize a Veteran and ensure a positive upward trajectory during this critical time. I have decided to make it a personal duty and I'll be responsible for the reimbursement of cards bought. Kindly confirm if you can help out.


[Executive Name]

[Executive Title]

[Target Company Name]

Attack Screenshots

No items found.
No items found.

Malicious Artifacts

Additional Indicators of Compromise

Type

Description

No items found.

Attack Description

This text-based BEC attack impersonates an executive using a maliciously registered domain, a spoofed display name, a COVID-19 theme, and a community service theme to request the purchase of gift cards.

Analysis Overview

Type
Business Email Compromise
Tactic
Maliciously Registered Domain
Spoofed Display Name
Goal
Gift Card Request
Impersonated Party
Employee - Executive
Vector
Text-based
Theme
COVID-19
Community Service
Language