Spoofed Display Name
Maliciously Registered Domain
Spoofed Display Name
No items found.
No items found.
Back to All Attacks
Attack Details
Attack Date:
Apr 19, 2022

Employee Impersonation Payroll Diversion BEC Attack

Initial Email Content

Subject
Direct Deposit Update
Body

Hi [Target First Name],

Quick one - I just switched my bank and would like to update my direct deposit details, would the change be effective for the next pay date, Kindly get back to me immediately you received my message so that i can provide you my new account ....

Regards,

[Employee Name]

[Employee Title & Company]

Attack Screenshots

No items found.
No items found.

Malicious Artifacts

Additional Indicators of Compromise

Type

Description

No items found.

Attack Description

This text-based BEC attack impersonates a non-executive employee using display name spoofing and a maliciously registered domain to divert payroll deposits to a fraudulent account.

Analysis Overview

Type
Business Email Compromise
Tactic
Spoofed Display Name
Maliciously Registered Domain
Goal
Payroll Diversion
Impersonated Party
Employee - Other
Vector
Text-based
Theme
No items found.
Language