Executive Impersonation Payment Fraud BEC Attack

Initial Email Content

Subject

Invoice 001691134

Body

[Recipient Name],

‍

Please can you handle this today? Payment has to be made via ACH.

‍

---------- Forwarded message ---------
From: [Third Party Employee Name] <[Third Party Email Address]>
Date: Fri, April 01, 2022 at 04:11 PM
Subject: Invoice 001691134
To: [Impersonated Executive Name]

‍

A new invoice 001691134 has been generated and is attached for your
review and payment. Please make payment via ACH, and the Bank information is on the invoice.
If you are experiencing issues viewing the attached pdf via a mobile
device, please use your standard mail client or webmail.
Thank you,
[Third Party Company Name]

‍

Please do not reply to this email as this is a non-monitored account.
For assistance, don't hesitate to get in touch with [Third Party Employee Name] , President, via email at [Third Party Email Address].

‍

Attack Screenshots

No items found.

Malicious Artifacts

Additional Indicators of Compromise

Type

Description

No items found.

Attack Description

This text-based BEC attack impersonates an executive using a fake email chain, display name spoofing, and a maliciously registered domain to request a fraudulent payment.

Analysis Overview

Type

Business Email Compromise

Tactic

Fake Email Chain

Spoofed Display Name

Maliciously Registered Domain

Goal

Payment Fraud

Impersonated Party

Employee - Executive

Vector

Text-based

Theme

No items found.

Language