Vendor Impersonation Overdue Payment BEC Attack
Initial Email Content
Hello,
We are pleased to send a friendly reminder to your accounting department regarding the due invoices and outstanding payment.
It would be much appreciated if you could let us know and advise when payment will be processed so that we can update you with our new bank details for remittance all payment as our main account is presently being reviewed due to some inconclusive L/C issue so therefore, all account activities including incoming and outgoing funds can no longer be verified at the moment.
Please, we request that you should attach us all invoices according to what your records show to revise with the correct payment instructions. We will appreciate it if all concerned people treat this as urgent.
Regards,
[Impersonated Vendor Employee Name]
Sales Director
Home
[Impersonated Vendor Company Name]
[Impersonated Vendor Address]
Attack Screenshots
Malicious Artifacts
Additional Indicators of Compromise
Type
Description
Attack Description
This text-based BEC attack impersonates a vendor/supplier using display name spoofing, a maliciously registered domain, an overdue payment theme, and a payment account update theme to request a fraudulent payment.