Fake Attachment
External Compromised Account
Fake Attachment
Fake Invoice
Fake Invoice
Back to All Attacks
Attack Details
Attack Date:
May 17, 2022

Fake Invoice Credential Phishing Attack

Initial Email Content

Subject
[Compromised Third Party Company Name] Inv 41063
Body

Hello,


Please see attached for [Compromised Third Party Company Name] Inv 41063.


Thank you.


[Compromised Third Party Employee Signature]

Attack Screenshots

No items found.
No items found.

Malicious Artifacts

Additional Indicators of Compromise

Type

Description

No items found.

Attack Description

This link-based attack impersonates a vendor/supplier using a fake attachment, an external compromised account, and a fake invoice theme to steal credentials.

Analysis Overview

Type
Credential Phishing
Tactic
Fake Attachment
External Compromised Account
Goal
Credential Theft
Impersonated Party
External Party - Vendor/Supplier
Vector
Link-based
Theme
Fake Invoice
Language