Fake Email Chain
Maliciously Registered Domain
Spoofed Display Name
Fake Email Chain
Fake Invoice
Fake Invoice
Back to All Attacks
Attack Details
Attack Date:
May 19, 2022

Executive Impersonation Fake Invoice Payment Fraud BEC Attack

Initial Email Content

Subject
FW: Account 100015389930
Body

Can you handle this today? Payment has to be made via ACH.



---------- Forwarded message ---------

From: [VENDOR NAME] <donotreply@payments-thesilverlining.com>

Date: Mon, May 02, 2022 at 04:11 PM

Subject: Account 100015389930

To: [Executive Name]


You have received an invoice from [VENDOR NAME] which is attached to this email for preview. Please make payment via ACH or Wire Transfer, the Bank information is on the invoice.


If you are experiencing issues viewing the attached pdf via a mobile device, please use your standard mail client or webmail.


Thank you,

[VENDOR NAME]



Please do not reply to this email as this is a non-monitored account.

For assistance, don't hesitate to get in touch with [Vendor Employee Name], Billing Department, via email at [Username]@payments-thesilverlining.com.

Attack Screenshots

No items found.
No items found.

Malicious Artifacts

Additional Indicators of Compromise

Type

Description

No items found.

Attack Description

This text-based BEC attack impersonates an executive using a fake email chain, a maliciously registered domain, a spoofed display name, and a fake invoice theme to request a fraudulent payment.

Analysis Overview

Type
Business Email Compromise
Tactic
Fake Email Chain
Maliciously Registered Domain
Spoofed Display Name
Goal
Payment Fraud
Impersonated Party
Employee - Executive
Vector
Text-based
Theme
Fake Invoice
Language