$500K financial fraud built on BEC, a domain lookalike, and a fake thread
Blog post from Sublime Security
Sublime's Attack Spotlight series highlights real-world email threats, including a sophisticated business email compromise (BEC) and fraud attempt involving vendor impersonation detected using Sublime's AI-powered detection engine. In this case, the attacker targeted a $500K invoice payment by fabricating a realistic-looking email thread using intelligence from a previous compromise, coupled with a lookalike domain, ascentshvac[.]com, to impersonate a real company, Ascent Inc. The fraudulent email requested confirmation of updated ACH banking details, creating a sense of urgency and trust through the use of legitimate branding and invoice details. Key detection signals included the newly registered lookalike domain, the absence of prior contact from the sender's domain with the receiving company, and the urgent request to change a payment destination. The series emphasizes the importance of AI and machine learning in spotting minor discrepancies that can indicate phishing attacks and encourages readers to stay informed through their blog and newsletter.
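The three detection signals named above can be combined in a simple rule, shown here as an added example that is not Sublime's detection logic or code from the original post. The domains, the 30-day age window, the edit-distance threshold of 2 and the keyword pattern are all assumptions chosen for illustration, and the registration date is passed in rather than looked up so the example runs offline.

```python
import re
from datetime import date

# Hypothetical inputs: vendor domains the organization already pays, and
# sender domains seen in prior mail. Constructed values, not from the post.
KNOWN_VENDORS = {"acmehvac.example"}
PRIOR_SENDERS = {"acmehvac.example", "partner.example"}
# Assumed wording for a request to change a payment destination.
PAYMENT_CHANGE = re.compile(
    r"\b(ach|wire|bank(ing)?|routing|account)\b.{0,60}\b(updat|chang|new|revis)\w*"
    r"|\b(updat|chang|new|revis)\w*.{0,60}\b(ach|wire|bank(ing)?|routing|account)\b",
    re.I | re.S)

def edit_distance(a, b):
    """Levenshtein distance, single-row dynamic programming."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def lookalike_of(domain):
    """Return the known vendor this domain imitates, or None."""
    for vendor in KNOWN_VENDORS:
        if domain != vendor and edit_distance(domain, vendor) <= 2:
            return vendor
    return None

def bec_signals(sender, body, registered, received, max_age_days=30):
    """List which of the three signals fire for one message."""
    domain = sender.rsplit("@", 1)[-1].lower()
    signals = []
    vendor = lookalike_of(domain)
    if vendor and (received - registered).days <= max_age_days:
        signals.append(f"new lookalike of {vendor}")
    if domain not in PRIOR_SENDERS:
        signals.append("no prior contact")
    if PAYMENT_CHANGE.search(body):
        signals.append("payment destination change")
    return signals

# Constructed sample message modeled on the case described above.
SAMPLE = bec_signals(
    "ar@acmeshvac.example",
    "Please confirm the updated ACH banking details before paying the invoice today.",
    registered=date(2024, 5, 1), received=date(2024, 5, 6))
```

All three signals firing together on one message is what separates this case from a routine invoice email; any one of them alone is common in legitimate mail.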