Back to Reports
HIGH SEVERITYPUBLISHEDVerified ReportBusiness

Fake Invoice from Regular Vendor (BEC Scam)

SmallBizOwner(Trust: 88%)
2024-01-28
Email
94
Upvotes
28
Comments
1,670
Views
42
Shares
$495 (prevented)
Amount Involved / Potential Loss

Report Summary

Received fake invoice mimicking regular vendor, almost paid before noticing slight email domain difference.

⚠️ Warning Signs Identified:

  • • Pressure to act quickly without time for consideration
  • • Requests for payment via unusual methods (gift cards, cryptocurrency)
  • • Poor grammar and spelling in communications
  • • Email addresses that don't match company domain

Full Report Details

Business Email Compromise (BEC) Attempt

Company Context

Business Type: Small marketing agency (15 employees) Regular Vendor: Web hosting provider Typical Invoice Amount: $450-550 monthly Payment Method: Bank transfer

Attack Details

Initial Contact

Date: January 28, 2024 Time: 10:15 AM (right after real vendor's usual invoice time) Sender: accounting@webhost-solutions.net (real vendor: @webhostsolutions.com) Subject: Invoice #INV-2024-028 - Payment Due

Email Content Analysis

  1. Header: Perfect replica of vendor's template
  2. Logo: High-resolution copy
  3. Contact Info: Same phone numbers, different email
  4. Invoice Details:
    • Amount: $495.00 (typical amount)
    • Due Date: Net 15 (same terms)
    • Account #: Similar but different format
  5. Bank Details:
    • Different bank name
    • New account number
    • Same branch location (to appear legitimate)

Detection Process

  1. Initial Review: Passed quick check (amount, timing correct)
  2. Payment Processing: Started preparing bank transfer
  3. Verification Step: Compared to last month's invoice
  4. Discrepancies Found:
    • Email domain difference (missing 's' in host)
    • Account number format changed
    • Invoice number sequence different
  5. Verification Call: Contacted vendor directly, confirmed scam

Attack Analysis

Likely Methods

  1. Email Monitoring: Attacker knew typical invoice amounts/timing
  2. Template Theft: Previous invoices likely intercepted
  3. Spoofing: Email headers crafted to appear legitimate
  4. Social Engineering: Pressure through "payment due" urgency

Potential Impact

  • Immediate Loss: $495.00
  • Future Risk: Marked as vulnerable target
  • Vendor Relationship: Could have been damaged
  • Time Cost: 4+ hours recovery if paid

Response Actions

  1. Internal:
    • Alerted all staff about BEC attempt
    • Updated payment verification procedures
    • Implemented dual-approval for vendor changes
  2. External:
    • Notified real vendor about impersonation
    • Reported to FBI IC3
    • Shared with industry group
    • Filed Quiet-Report

Security Improvements Implemented

  1. Vendor verification checklist
  2. Payment approval workflow changes
  3. Email filtering rules for similar domains
  4. Regular security training updates

Technical Details

Evidence Provided

📄
fake-invoice.pdf
Click to view
📄
email-analysis.txt
Click to view
🖼️
comparison-chart.png
Click to view

Resolution

Type:

WARNING

Description:

Vendor notified, industry warnings issued

Outcome:

New verification procedures implemented company-wide

Tags

#BEC#Business#Invoice Fraud#Email Spoofing#Vendor Impersonation

Reporter Information

Status:Verified User
Username:SmallBizOwner
Trust Score:88%
Reports Filed:12
Success Rate:85%

Similar Reports

MEmployment

Fake Job Offer Leads to Personal Information Theft

MMalware

Fake Antivirus Popup Leads to Browser Lock

MTech Support

Fake Refund Follow-up to Tech Support Scam

⚠️ Safety Tips

  • Never share personal information with unknown parties
  • Verify company credentials before making payments
  • Use secure payment methods with buyer protection
  • Report suspicious activity immediately

Experienced Similar?

Help protect others by reporting your experience