Vendor Impersonation Overdue Payment BEC Attack

Initial Email Content

Subject

re: past due invoice

Body

Hello Dealer/Distributor,

I am one of the auditors for [Impersonated Vendor Company Name]. We are currently in the middle of the financial statement audit for the year ended 2021/2022 and would like to inquire regarding any outstanding payment/due invoice with the Company, and if you do, how much is the due/outstanding payment and when is the payment due date?

Also if you have not paid yet, kindly hold off with the payment for our further instructions.

Awaiting your email response.

Best Regards,

[Impersonated Vendor Employee Name]

Accounts Receivables

[Impersonated Vendor Company Name]

[Impersonated Vendor Company Address]

Attack Screenshots

No items found.

Malicious Artifacts

Additional Indicators of Compromise

Type

Description

No items found.

Attack Description

This text-based BEC attack impersonates a vendor/supplier using a look-alike domain and an overdue payment theme to request a fraudulent payment.

Analysis Overview

Type

Business Email Compromise

Tactic

Look-alike Domain

Goal

Payment Fraud

Impersonated Party

External Party - Vendor/Supplier

Vector

Text-based

Theme

Overdue Payment

Language