Vendor Impersonation Overdue Payment BEC Attack

Initial Email Content

Subject

Over due invoice

Body

Hello,

I'm [Vendor Employee First Name] from the Accounts department at [Vendor Company Name] Our records show that we owe an outstanding balance dating back to

04/05/2022

This email is to request you for a copy of your company account

Manager or Financial controller email contact, so that we can

clear the payment at the earliest. Sincere apologies for the

delay in payment. The accounts team has been reshuffled and this

case came to my notice just an hour ago and I am writing to you

immediately.

If this invoice has already been paid, please disregard this

notice.

Thank you in advance for your cooperation. We hope to continue

doing business with you in the future.

Sincerely,

[Vendor Employee Name]

[Vendor Employee Title]

[Vendor Company Name]

Attack Screenshots

No items found.

Malicious Artifacts

Additional Indicators of Compromise

Type

Description

No items found.

Attack Description

This text-based BEC attack impersonates a vendor/supplier using a look-alike domain, a spoofed display name, and an overdue payment theme to request a fraudulent payment.

Analysis Overview

Type

Business Email Compromise

Tactic

Look-alike Domain

Spoofed Display Name

Goal

Payment Fraud

Impersonated Party

External Party - Vendor/Supplier

Vector

Text-based

Theme

Overdue Payment

Language