Back to All Attacks
Attack Details
Attack Date:
Jun 23, 2022
Vendor Impersonation Account Update BEC Attack
Initial Email Content
Subject
RE: [Target Company Name] invoice May-22
Body
Hi [Recipient First Name],
Please find attached our updated payment details attached. Kindly note all payment should be made to our chase bank.
Kindly acknowledge receipt and revert in case of any query.
Regards,
AR Team,
[Vendor Company Name]
From:[Vendor Company Name] <[Vendor Email Address]>
Sent:Thursday, June 23, 2022 3:08 PM
To:[Hijacked Thread Original Recipients]
Cc:[Hijacked Thread Original Recipients]
Subject: [Hijacked Thread Subject]
[Hijacked Thread Content]
Attack Screenshots
No items found.
No items found.
Malicious Artifacts
Additional Indicators of Compromise
Type
Description
No items found.
Attack Description
This text-based BEC attack impersonates a vendor/supplier using a hijacked email thread, a look-alike domain, an external compromised account, and an account update theme to request a fraudulent payment.
Analysis Overview
Tactic
Hijacked Email Thread
Look-alike Domain
External Compromised Account
Goal
Payment Fraud
Impersonated Party
External Party - Vendor/Supplier
Vector
Text-based
Theme
Account Update
Language