Back to All Attacks
Attack Details
Attack Date:
Jun 10, 2022
Overdue Payment HTML Attachment Credential Phishing Attack
Initial Email Content
Subject
[Recipient Company Domain] Outstanding Invoice(s)
Body
I am attaching Past Due invoices for [Recipient Company Domain]. If you have any questions, please let me know. Thanks!
INVOICE. PO# AMOUNT SO#
039 B2005 $2,355.00 03049
040 B2006 $10,098.00 03033
041 B2007 $2,246.00 03066
042 B2008 $1,049.50 03040
043 B2009 $49.50 03003
044 B2010 $147.00 03031
045 B2011 $2,160.00 03063
046 B2011 $12,160.00 03063
TOTAL: $30,265.00
Best Regards,
[Third Party Employee Name]
[Third Party Employee Title]
Attack Screenshots
No items found.
No items found.
Malicious Artifacts
Additional Indicators of Compromise
Type
Description
No items found.
Attack Description
This payload-based attack impersonates a vendor/supplier using an external compromised account, a personalized email subject, and an overdue payment theme to steal credentials.
Analysis Overview
Tactic
External Compromised Account
Personalized Email Subject
Goal
Credential Theft
Impersonated Party
External Party - Vendor/Supplier
Vector
Payload-based
Theme
Overdue Payment
Language