Vendor Impersonation Fake Invoice Credential Phishing Attack

Initial Email Content

Subject

Remittance Advice

Body

Hello,

Please see attached and let me know if you have any question.

Thanks!

‍

Attack Screenshots

No items found.

Malicious Artifacts

Additional Indicators of Compromise

Type

Description

No items found.

Attack Description

This link-based attack impersonates a vendor/supplier using a fake attachment, compromised external account, and a fake invoice theme to steal credentials.

Analysis Overview

Type

Credential Phishing

Tactic

Fake Attachment

External Compromised Account

Goal

Credential Theft

Impersonated Party

External Party - Vendor/Supplier

Vector

Link-based

Theme

Fake Invoice

Language