Executive Impersonation Payment Fraud BEC Attack

Initial Email Content

Subject

Financial Update

Body

Hi [Recipient Name],

I was just informed that we have an offer accepted by a new vendor which I have been negotiating for some time now. Are you able to process the payment ? so I can forward you a copy of the invoice and W9.

Regards,
[Impersonated Executive Name]

Sent from my iPhone

‍

Attack Screenshots

No items found.

Malicious Artifacts

Additional Indicators of Compromise

Type

Description

No items found.

Attack Description

This text-based BEC attack impersonates an executive using display name spoofing, a maliciously registered domain, and a new vendor theme to request a fraudulent payment.

Analysis Overview

Type

Business Email Compromise

Tactic

Spoofed Display Name

Maliciously Registered Domain

Goal

Payment Fraud

Impersonated Party

Employee - Executive

Vector

Text-based

Theme

New Vendor

Language