Back to All Attacks
Attack Details
Attack Date:
Jun 29, 2022
Vendor Impersonation Overdue Payment BEC Attack
Initial Email Content
Subject
RE: FW: [Hijacked Thread Subject]
Body
Good Morning,
I am circling back around with you regarding the final payment breakdown for the claim payment(s) that have been issued.
We are currently sitting at an amount owed of $ 9874.18 to pay this account in full. Please provide a response ASAP or we will be forced to place a lien on the insured’s property.
[Vendor Employee Name]
A/R Manager
[Hijacked Thread Content]
Attack Screenshots
No items found.
No items found.
Malicious Artifacts
Additional Indicators of Compromise
Type
Description
No items found.
Attack Description
This text-based BEC attack impersonates a vendor/supplier using a hijacked email thread, a look-alike domain, a matching malicious domain username, and an overdue payment theme to request a fraudulent payment.
Analysis Overview
Tactic
Hijacked Email Thread
Look-alike Domain
Matching Malicious Domain Username
Goal
Payment Fraud
Impersonated Party
External Party - Vendor/Supplier
Vector
Text-based
Theme
Overdue Payment
Language