Vendor Impersonation Account Update BEC Attack
Initial Email Content
Attn: Accounts Payable Manager:
[Impersonated Vendor Company Name] greatly appreciates you as a valued customer and we want to
thank you for your continued business.
Our office will like to update our Bank Account information details you have on file
Please note, We no longer accept mailing of any check payment at this time , All payments has to go through Direct Deposit ACH payment and Wire transfer
Could you please check if you have any open invoice payable to us as accounting is still not able to get onto the server or into Oracle to review accounts or post payments that may have been received.
Thank you,
[Impersonated Vendor Employee Name]
[Impersonated Vendor Employee Title]
[Impersonated Vendor Company Contact Information]
Attack Screenshots
Malicious Artifacts
Additional Indicators of Compromise
Type
Description
Attack Description
This text-based BEC attack impersonates a vendor/supplier using display name spoofing, a look-alike domain, and an account update theme to request a fraudulent payment.