Employee Impersonation Payroll Diversion BEC Attack
Initial Email Content
Greetings,
I just different to another bank and I might want to refresh my Direct
store subtleties, will it be successful for the following Payroll?
Yet, if the
next finance has been planned, my old record is as yet open to get it
yet in the event that it has not been booked, generously assist me
with changing to this new data.
Here is my new Direct Deposit Information.
Directing #: [Routing Number]
Account #: [Account Number]
Account Type: Checking
Bank name: Cross River Bank
If it's not too much trouble, let me in on when the change has been
made and sympathetically recognize the receipt of this message.
Much obliged
Attack Screenshots
Malicious Artifacts
Additional Indicators of Compromise
Type
Description
Attack Description
This text-based BEC attack impersonates an employee using a spoofed email address and a free webmail account to divert payroll deposits to a fraudulent account.