A novel social engineering phishing campaign called the VIP Invoice Authorization Fraud targets innocent individuals, urging them to make phony invoice payments. Here are more details about the attack vector, its modus operandi, and how to protect against it.

Threat actors constantly develop novel tactics for malicious purposes like extracting confidential data or stealing funds, and the latest one is the BEC (Business Email Compromise) campaign, known as the ‘VIP Invoice Authorization Fraud.’ Here is a look at how threat actors employ multi-step tactics, like dual, socially engineered emails, assisted with increased pressure, to trap their victims.


What is the VIP Invoice Authorization Fraud?

Threat actors are using a new email campaign dubbed ‘VIP Invoice Authorization Fraud’ wherein they use a spoofed executive email address and create a sense of urgency to force the victim via authority or trust so that the latter is caught in a snare of social engineering and ends up paying the phony invoice. 

Researchers at Armorblox uncovered the VIP Invoice Authorization Fraud emails designed to increase the pressure on victims so they have no time to think. The tactic is used in classic phishing emails wherein the threat actors impersonate third-party organizations or trusted vendors to which a business regularly makes transactions and pays the fake invoice.


VIP Invoice Authorization Fraud: How Does It Work?

The threat actors employ a dual email delivery method, as explained below.


1. Initial Vector

The malicious actors initiate the attack with a phishing email to the victim, impersonating an authentic organization or individual and demanding payment for an invoice. The email is designed to appear genuine, coming from a trustworthy source, so an unsuspecting victim readily believes it.

To make the email look like a regular invoice, the threat actors impersonate trusted third parties, vendors, and business partners that the victim communicates with regularly so the invoice does not appear “unsolicited” or outside the typical workflow.


phishing attack


2. Secondary Email

Another unique attribute of the New VIP Invoice Authorization Fraud Attack is the threat actors’ secondary email to trick the victim’s mind further. Even though the first email is convincing, the malicious actors reply to the email using a spoofed domain account, imitating the victim’s manager, boss, or any superior, with a copy to the target instructing them to pay the invoice promptly.

Using the second email enhances the sophistication of the attack, creates a cloud of trust, and adds to the urgency of payment for the invoice. The victim usually ends up paying the threat actor’s phony invoice.


How to Protect Against the VIP Invoice Authentication Fraud BEC Attack?

The new VIP Invoice Authentication Fraud helps malicious actors extract funds from target organizations and individuals. By impersonating a trusted partner or contact, the malicious actors gain the victim’s trust and quickly convince them to pay the fake invoice.

With such a simple idea but so much at stake, individuals need to learn how to detect the phishing emails used in the attack and stay safe. Here is what you can do to stay safe in the face of such malicious attempts:

  • Look out for a Spoofed Domain: Check out a spoofed domain’s usage based on the authentic one in the ‘FROM’ and ‘TO’ fields. Your enterprise cybersecurity tool can be helpful in this. Moreover, you can double-check with your superior if they have authorized such a payment.
  • Keep an Eye on Email Threads: If you are using anti-spoofing or anti-phishing software with language-based analysis, it will detect the content of the email body and mark it as spam.

It would also be helpful to watch manually for email threads that mimic the campaign, i.e., be vigilant against emails that demand payment to an invoice followed by another one from your superior asking you to proceed with the payment. A double-check goes a long way in keeping your information systems secure from evil hands.


email security

Image sourced from economictimes.indiatimes.com


Final Words

Businesses and individuals must remain vigilant against the new VIP Invoice Authentication Fraud. Since the attack campaign relies on dual emails for demanding the finances and confirming the payment, individuals will be inclined to make the payment.

However, keeping up to date with email security and cybersecurity’s latest alerts can do wonders for an organization, arming them against familiar and novel threats. With a proper understanding, individuals and organizations can beat even the most sophisticated  BEC attack campaigns with little effort.

Pin It on Pinterest

Share This