Fake Email Chain
Look-alike Domain
Spoofed Display Name
Fake Email Chain
No items found.
No items found.
Back to All Attacks
Attack Details
Attack Date:
Jun 21, 2022

Executive Impersonation Payment Fraud BEC Attack

Initial Email Content

Subject
Fwd: [Vendor Company Name] Invoice #15250
Body

Hi [Recipient First Name],


Please follow up with the below payment request for a job completed; pay the attached invoice and let me know once completed.


Thanks,


[Executive Name]

[Executive Title]

[Target Company Name]

[Target Company Address]



---------- Forwarded message ---------

From: [Vendor Employee Name] <[Lookalike Vendor Employee Username]@gmail.com>

Date: Tue, Jun 21, 2022 at 5:01 PM

Subject: [Vendor Company Name] Invoice #15250

To: <[Executive Look-alike Email Address>



Good afternoon Sir,


Please find the invoice attached.


If you could submit this for processing at your earliest convenience it would be highly appreciated; our cash flow is tight.


Thank you very much.


[Vendor Employee Name]

[Vendor Employee Title]

[Vendor Company Name]

Attack Screenshots

No items found.
No items found.

Malicious Artifacts

Additional Indicators of Compromise

Type

Description

No items found.

Attack Description

This text-based BEC attack impersonates an executive using a fake email chain, a look-alike domain, and a spoofed display name to request a fraudulent payment.

Analysis Overview

Type
Business Email Compromise
Tactic
Fake Email Chain
Look-alike Domain
Spoofed Display Name
Goal
Payment Fraud
Impersonated Party
Employee - Executive
Vector
Text-based
Theme
No items found.
Language