Back to All Attacks
Attack Details
Attack Date:
May 18, 2022
Vendor Impersonation Overdue Payment BEC Attack
Initial Email Content
Subject
Unpaid Invoice- 992890
Body
Hi
Our records show that we haven’t yet received payment for Invoice 992890, which is overdue by 3 months. I would appreciate it if you could check this out on your end. If the payment has already been sent, please disregard this notice. And if you’ve lost this invoice, please let me know, and I’d be happy to send you another copy.
Regards,
[Impersonated Vendor Employee Name]
[Impersonated Vendor Company Name]
[Impersonated Vendor Company Address]
Attack Screenshots
No items found.
No items found.
Malicious Artifacts
Additional Indicators of Compromise
Type
Description
No items found.
Attack Description
This text-based BEC attack impersonates a vendor/supplier using a look-alike domain, a spoofed display name, and an overdue payment theme to request a fraudulent payment.
Analysis Overview
Tactic
Look-alike Domain
Spoofed Display Name
Goal
Payment Fraud
Impersonated Party
External Party - Vendor/Supplier
Vector
Text-based
Theme
Overdue Payment
Language