Attack Details
Attack Date: May 19, 2022

Vendor Impersonation Overdue Payment BEC Attack

Initial Email Content

Subject: Re[5]: EUROCONTROL Payment Delays
Body

Dear [Recipient Name] & Accounts Team,

Please note that all current/outstanding invoices have been sent. Kindly confirm receipt for more information and instructions. Note also that the invoices for December, 2021 to March, 2022 appear to be in arrears. We request that you kindly provide the status of these invoices with proofs of payment if remittances have been made already against any of these invoices in question so as to enable us update our records and accounts accordingly.

Thanks for your cooperation. We await your prompt response.

My best regards

[Vendor Employee Name]

General Manager Accounts

Head of CAT / CO2 (Collection of Air Navigation Charges)

CRCO / CAT / CO2

EUROCONTROL

96 Rue de la Fusée, 1130 Brussels, Belgium

Email: [Username]@eurocontrolint.com

Attack Description

This text-based BEC attack impersonates a vendor/supplier using a look-alike domain and an overdue payment theme to request a fraudulent payment.

Analysis Overview

Tactic: Look-alike Domain
Goal: Payment Fraud
Impersonated Party: External Party - Vendor/Supplier
Vector: Text-based
Theme: Overdue Payment
Language