Back to All Attacks
Attack Details
Attack Date:
Apr 12, 2022

Vendor Impersonation Overdue Payment BEC Attack

Initial Email Content

Subject
BILL
Body

Dear Sir,

Our Record shows that you have IATA invoices that are due for payment,kindly check your records and get back to us as soon as possible for payment, as failure to do so may lead to sanctions.Please note there is an update in Bank Account information,we request you contact us for our new Bank Account information before your next payment.

Expecting your usual prompt cooperation.

Best Regards,
Ms Linda Morgan
Accounts/Invoicing
International Air Transport Association
IATA Head Office

Attack Screenshots

No items found.

Malicious Artifacts

Additional Indicators of Compromise

Type

Description

No items found.

Attack Description

This text-based BEC attack impersonates a vendor/supplier using a maliciously registered domain and an overdue payment theme to request a fraudulent payment.

Analysis Overview

Tactic
Maliciously Registered Domain
Goal
Payment Fraud
Impersonated Party
External Party - Vendor/Supplier
Vector
Text-based
Theme
Overdue Payment
Language