In today's digital age, phishing scams are becoming increasingly sophisticated and harder to detect. One type of phishing scam is a business email compromise (BEC), where attackers use stolen credentials of a real business to steal sensitive information.
Recently we came across a phishing email using compromised business emails of a well-known local brand, which informed the recipient that an employee has shared a folder with them. The email may appear legitimate with a convincing subject line and additional details, but it is actually a trap designed to steal sensitive information. We will examine the characteristics of this phishing email and provide tips to help you stay protected from similar scams.
The subject line mentions a “Sponsorship Invitation” and the file-sharing notification in the email body reveals that the shared folder is called “Partnership & Sponsorship”. The email contains further additional details, like a photograph of the town the business is based in and a customized footer, making the email seem even more legitimate.
Clicking on the link "Open" to view the documents reveals that the malicious website has already been taken down, so it's not clear what the payload was. However, the website is unrelated to the file-sharing service the message is impersonating. The email also originates from a domain that does not belong to the business it’s impersonating. In fact, the domain had been registered on the same day the malicious email was sent out and was very similar to the domain name of the legitimate business.
Off the hook
As the email originates from a legitimate email address, this phish may more difficult to recognize as such. Always double-check where links lead before clicking on them, and if they make sense in the context of the email.
Remember that sometimes attackers register domain names that very closely resemble those of legitimate businesses.