Executive Impersonation Payment Fraud BEC Attack
Initial Email Content
[Recipient Name],
Please can you handle this today? Payment has to be made via ACH.
---------- Forwarded message ---------
From: [Third Party Employee Name] <[Third Party Email Address]>
Date: Fri, April 01, 2022 at 04:11 PM
Subject: Invoice 001691134
To: [Impersonated Executive Name]
A new invoice 001691134 has been generated and is attached for your
review and payment. Please make payment via ACH, and the Bank information is on the invoice.
If you are experiencing issues viewing the attached pdf via a mobile
device, please use your standard mail client or webmail.
Thank you,
[Third Party Company Name]
Please do not reply to this email as this is a non-monitored account.
For assistance, don't hesitate to get in touch with [Third Party Employee Name] , President, via email at [Third Party Email Address].
Malicious Artifacts
Additional Indicators of Compromise
Type
Description
Attack Description
This text-based BEC attack impersonates an executive using a fake email chain, display name spoofing, and a maliciously registered domain to request a fraudulent payment.