Attack Details
Attack Date: May 12, 2022

Executive Impersonation Overdue Payment Payment Fraud BEC Attack

Initial Email Content

Subject: Overdue

Body:

Hi [Recipient First Name],

I asked Karen Page, Finance Controller at Collins Contractor LTD to contact you some days ago regarding a late invoice.

These are consulting services that CC LTD offered us, I will give you more information about it later after review.

Could you have it paid today?

Regards,
[Executive Name]

Forwarded message --------- ----------

From:  Ange Page <ange.page@collins-contractor.com>
Sent: 28 April 2022 15:59
Subject: Invoice 960201 Overdue

Hi Rich,

I have sent the invoice back as a reminder. I would like to inform you that it is OverDue today.

Should we expect this payment soon?

Sincerely,

Karen Page

Financial Controller

Collins Contractors Ltd

Attack Description

This text-based BEC attack impersonates an executive using a fake email chain, a spoofed display name, a maliciously registered domain, and an overdue payment theme to request a fraudulent payment.

Analysis Overview

Tactic: Fake Email Chain, Spoofed Display Name, Maliciously Registered Domain
Goal: Payment Fraud
Impersonated Party: Employee - Executive
Vector: Text-based
Theme: Overdue Payment
Language