Vendor Impersonation Overdue Payment Account Update BEC Attack
Initial Email Content
Hello,
We are pleased to send a friendly reminder to your accounting department regarding the due invoices and outstanding payment.
It would be much appreciated if you could let us know and advise when payment will be processed so that we can update you with our new bank details for remittance all payment as our main account is presently being reviewed due to some inconclusive L/C issue so therefore, all account activities including incoming and outgoing funds can no longer be verified at the moment.
Please, we request that you should attach us all invoices according to what your records show to revise with the correct payment instructions. We will appreciate it if all concerned people treat this as urgent.
Regards,
[Impersonated Vendor Employee Name]
[Impersonated Vendor Employee Title]
[Impersonated Vendor Company Name & Address]
Attack Screenshots
Malicious Artifacts
Additional Indicators of Compromise
Type
Description
Attack Description
This text-based BEC attack impersonates a vendor/supplier using a spoofed display name, a maliciously registered domain, an overdue payment theme, and an account update theme to request a fraudulent payment.