Fake invoice used to conduct $16,800 BEC attempt
Blog post from Sublime Security
Sublime's Attack Spotlight series highlights the evolving email threat landscape by presenting real-world attack samples, detailing adversary tactics and techniques, and explaining detection methods. The series focuses on Business Email Compromise (BEC) attacks targeting Microsoft 365 and Google Workspace users, specifically aiming to defraud organizations by soliciting payments for fraudulent invoices. These attacks are highly personalized, with PDF attachments mimicking legitimate company invoices and W-9 forms, often impersonating high-ranking individuals like CEOs to add credibility. The messages are crafted to appear urgent, with fake forwarded threads, and some sender domains are newly registered to enhance deception. Sublime employs advanced detection signals, including Natural Language Understanding models, to identify and prevent such threats, and offers deployment in an alert-only mode for organizations seeking to enhance their email security.
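The traits listed above (executive display name, newly registered sender domain, fake forwarded thread, invoice/W-9 PDF, urgent wording) can each be checked from message headers and content. The Python below is an added example, not Sublime's detection logic: the signal names, regexes, 30-day threshold and caller-supplied domain-age lookup are assumptions, and the sample message is constructed.

```python
import email, re
from email import policy
from email.utils import parseaddr

# Constructed sample message; every name, address and domain here is made up.
SAMPLE = """\
From: "Jane Doe" <jane.doe@vendor-billing.test>
Subject: Fwd: Overdue invoice - urgent
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please pay the attached invoice today.

---------- Forwarded message ---------
From: Jane Doe <jane.doe@example.test>

--b1
Content-Type: application/pdf
Content-Disposition: attachment; filename="Invoice_W9.pdf"

%PDF-1.4 constructed placeholder
--b1--
"""

def bec_signals(raw, domain_age_days, executives, org_domain, new_days=30):
    """Return names of the heuristic signals (all hypothetical) that fire."""
    msg = email.message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg["From"]))
    domain = addr.rsplit("@", 1)[-1].lower()
    body = msg.get_body(preferencelist=("plain",))
    text = f'{msg["Subject"]}\n{body.get_content() if body else ""}'
    hits = []
    # Executive display name on a domain that is not the organization's own.
    if name.lower() in executives and domain != org_domain:
        hits.append("exec_name_external_domain")
    # Domain age is supplied by the caller (e.g. from a WHOIS lookup).
    if domain_age_days.get(domain, new_days + 1) <= new_days:
        hits.append("new_sender_domain")
    # Forward markers with no threading headers suggest a pasted-in thread.
    if re.search(r"^fwd?:|forwarded message", text, re.I | re.M) and not (
            msg["In-Reply-To"] or msg["References"]):
        hits.append("fake_forward_thread")
    if any(re.search(r"(invoice|w-?9).*\.pdf$", a.get_filename() or "", re.I)
           for a in msg.iter_attachments()):
        hits.append("invoice_pdf_attachment")
    if re.search(r"\b(urgent|overdue|immediately|today)\b", text, re.I):
        hits.append("urgency_language")
    return hits
```

No single signal is conclusive (legitimate vendors also send urgent invoice PDFs), so the returned list is meant to feed a combined score or an alert-only review queue.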