No items found.
No items found.
Back to All Attacks
Attack Details
Attack Date:
Apr 6, 2022

Executive Impersonation Payment Fraud BEC Attack

Initial Email Content

Subject
Invoice 001691134
Body

[Recipient Name],

Please can you handle this today? Payment has to be made via ACH.

---------- Forwarded message ---------
From: [Third Party Employee Name] <[Third Party Email Address]>
Date: Fri, April 01, 2022 at 04:11 PM
Subject: Invoice 001691134
To: [Impersonated Executive Name]

A new invoice 001691134 has been generated and is attached for your
review and payment. Please make payment via ACH, and the Bank information is on the invoice.
If you are experiencing issues viewing the attached pdf via a mobile
device, please use your standard mail client or webmail.
Thank you,
[Third Party Company Name]

Please do not reply to this email as this is a non-monitored account.
For assistance, don't hesitate to get in touch with [Third Party Employee Name] , President, via email at [Third Party Email Address].

Attack Screenshots

No items found.

Malicious Artifacts

Additional Indicators of Compromise

Type

Description

No items found.

Attack Description

This text-based BEC attack impersonates an executive using a fake email chain, display name spoofing, and a maliciously registered domain to request a fraudulent payment.

Analysis Overview

Tactic
Fake Email Chain
Spoofed Display Name
Maliciously Registered Domain
Goal
Payment Fraud
Impersonated Party
Employee - Executive
Vector
Text-based
Theme
No items found.
Language