Executive Impersonation Fake Email Chain Payment Fraud BEC Attack

Initial Email Content

Subject

DTA 2021 Due Payment

Body

Hi,
Please pay the below payment as a same-day transfer and send me a copy of the payment as an attachment
Regards

‍

-----Original Message-----
From: HMRC
Sent: Monday, September 07 ,2021 03:45 PM
To: Finance
Subject: DTA 2021 due Payment

‍

Below are HMRC bank details to process payment for the 2021 corporation tax due by 08/08/2021. Kindly note that payment should be processed as CHAPS/Same day value payment.

‍

Sort Code/Routine [Account Detail]
Acct No [Account Number]
Payment Ref 9796919229A00118A
Amount £12,740

‍

Let me have the remittance receipt as an attachment.
Thank you,
[Impersonated Executive Name]

‍

Attack Screenshots

No items found.

Malicious Artifacts

Additional Indicators of Compromise

Type

Description

No items found.

Attack Description

This text-based BEC attack impersonates an executive using a fake email chain, display name spoofing, and a maliciously registered domain to request a fraudulent payment.

Analysis Overview

Type

Business Email Compromise

Tactic

Spoofed Display Name

Maliciously Registered Domain

Fake Email Chain

Goal

Payment Fraud

Impersonated Party

Employee - Executive

Vector

Text-based

Theme

Fake Email Chain

Language