Initial Email Content
Subject
RE: PO-18009612 Payment Statement
Body
Good morning,
I am chasing up the Order 001023 payment Please kindly read files send by my account on chnage of bank details from you.
Can you confirm signed and returned.
I have attached a copy
READ FILE
Attack Screenshots
No items found.
No items found.
Malicious Artifacts
Additional Indicators of Compromise
Type
Description
No items found.
Attack Description
This link-based attack impersonates a vendor/supplier using an external compromised account and a payment inquiry theme to steal credentials.
Analysis Overview
Tactic
External Compromised Account
Goal
Credential Theft
Impersonated Party
External Party - Vendor/Supplier
Vector
Link-based
Theme
Payment Inquiry
Language