Back to All Attacks
Attack Details
Attack Date:
Apr 26, 2022
Vendor Impersonation Account Update BEC Attack
Initial Email Content
Subject
[TARGET COMPANY NAME] PO # A482281 for [IMPERSONATED VENDOR NAME]
Body
Hi [Recipient First Name],
Going forward with your order, Before we can continue proceeding with your order. Be informed we have moved into the advanced age of billings. We are only set up to receive payments electronically via ACH/Wire Transfers. Do not use the previous information for remittance. it is now outdated.
Kindly let me know which you prefer in the above so we can proceed further with your PO.
Would so much appreciate your earliest confirmation
Regards,
[Vendor Employee Name]
[Vendor Employee Title]
Attack Screenshots
No items found.
No items found.
Malicious Artifacts
Additional Indicators of Compromise
Type
Description
No items found.
Attack Description
This text-based BEC attack impersonates a vendor/supplier using a look-alike domain, display name spoofing, and a payment account update theme to request a fraudulent payment.
Analysis Overview
Tactic
Look-alike Domain
Goal
Payment Fraud
Impersonated Party
External Party - Vendor/Supplier
Vector
Text-based
Theme
Account Update
Language