Back to All Attacks
Attack Details
Attack Date:
Jun 13, 2022

Executive Impersonation Overdue Payment Payment Fraud BEC Attack

Initial Email Content

Subject
Invoice
Body

Good Morning,

    

 This is Ok to pay. See below and attached. Please set up ACH for the attached invoice today.

---------- Forwarded message ---------

From: LinkedIn Receivables Team <cindy.deguzman@receivable-linkedin.com>

Date: Friday, May 27, 2022 12:27 PM

Subject: Reference Number(s):CS4815555-18 LinkedIn Invoice(s)

To: [Executive Name]

Dear Customer,

Invoices on your LinkedIn account are past due.

This is a friendly reminder that you currently owe: $4,967.50

Please send payment via ACH only using the bank details provided on the invoice.

Please note: You may notice some improvements to your invoice. As part of our ongoing commitment to deliver a better billing experience, we have introduced several changes. To learn more about your new invoice, check on our website.

For payment related questions please reply to this email without changing the subject line.

Sincerely,

Cindy De Guzman

LinkedIn Collections

Attack Screenshots

No items found.

Malicious Artifacts

Additional Indicators of Compromise

Type

Description

No items found.

Attack Description

This text-based BEC attack impersonates an executive using a fake email chain, a maliciously registered domain, a spoofed display name, and an overdue payment theme to request a fraudulent payment.

Analysis Overview

Tactic
Fake Email Chain
Maliciously Registered Domain
Spoofed Display Name
Goal
Payment Fraud
Impersonated Party
Employee - Executive
Vector
Text-based
Theme
Overdue Payment
Language