Debt Collector Impersonation / Invoice Fraud Attack 1 Case Study Debt Collector Impersonation / Invoice Fraud Attack Overview On June 4th, 2020, Abnormal Security detected and stopped an attempted invoice fraud targeting a global retailer, preventing nearly $30,000 from being stolen. This was a novel attack, which later surfaced at several other customers. The attacker’s operation involved impersonating a debt collection agency claiming it was collecting an unpaid debt and then spoofing the target company’s COO. The email from the spoofed COO contained the fake invoice referenced by the impersonated debt collector and claimed it was lost. Disclaimer: All parties have been anonymized for this case study. Types of Business Email Compromise (BEC) Attacks BEC attacks can be broken into

Join for free to read