January 31, 2023

File-sharing notification phish from a compromised business email

Phishing scams are becoming more sophisticated and utilizing business email compromises (BEC). A recent BEC scam used a well-known local brand's email to trap victims. The email appeared legitimate with a convincing subject line and details, but was a trap to steal sensitive information. To protect against such scams, always double-check links before clicking and ensure they make sense in the context of the email. Attackers may register domain names similar to legitimate businesses.


Threat Analyst Team

In today's digital age, phishing scams are becoming increasingly sophisticated and harder to detect. One type of phishing scam is a business email compromise (BEC), where attackers use stolen credentials of a real business to steal sensitive information.

Recently we came across a phishing email using compromised business emails of a well-known local brand, which informed the recipient that an employee had shared a folder with them. The email may appear legitimate, with a convincing subject line and additional details, but it is actually a trap designed to steal sensitive information. We will examine the characteristics of this phishing email and provide tips to help you stay protected from similar scams.

The subject line mentions a “Sponsorship Invitation” and the file-sharing notification in the email body reveals that the shared folder is called “Partnership & Sponsorship”. The email contains additional details, like a photograph of the town the business is based in and a customized footer, making the email seem even more legitimate.

Clicking on the link "Open" to view the documents reveals that the malicious website has already been taken down, so it's not clear what the payload was. However, the website is unrelated to the file-sharing service the message is impersonating. The email also originates from a domain that does not belong to the business it’s impersonating. In fact, the domain had been registered on the same day the malicious email was sent out and was very similar to the domain name of the legitimate business.

Off the hook

As the email originates from a legitimate email address, this phish may be more difficult to recognize as such. Always double-check where links lead before clicking on them, and whether they make sense in the context of the email.

Remember that sometimes attackers register domain names that very closely resemble those of legitimate businesses.
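The three indicators described above (a sender domain that nearly matches the real business, a domain registered very recently, and a link that leaves the file-sharing service being impersonated) can be checked mechanically during mail triage. The following is an added example, not code from the original article: the domains, sample message and registration date are constructed placeholders, and the edit-distance limit of 2 and the 30-day age window are assumed thresholds.

```python
import re
from datetime import date
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss domain names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def host_in(host, domains):
    """True if host is one of the domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)

def triage(raw, trusted, service, registered_on, received):
    """Return the indicators described in the article that a message trips."""
    msg = message_from_string(raw)
    sender = parseaddr(msg["From"])[1].rsplit("@", 1)[-1].lower()
    findings = []
    if not host_in(sender, trusted):
        near = [d for d in trusted if edit_distance(sender, d) <= 2]
        if near:
            findings.append(f"lookalike-sender:{sender}~{near[0]}")
        reg = registered_on.get(sender)  # date from your own WHOIS/RDAP data
        if reg is not None and (received - reg).days <= 30:
            findings.append(f"new-domain:{sender}:{(received - reg).days}d")
    for url in re.findall(r"https?://[^\s\"'<>]+", msg.get_payload()):
        host = (urlparse(url).hostname or "").lower()
        if not host_in(host, service):
            findings.append(f"link-off-service:{host}")
    return findings

# Constructed sample data: every domain below is a reserved placeholder.
TRUSTED = ["harbourbakery.example"]
SERVICE = ["fileshare.example"]
REGISTERED = {"harbour-bakery.example": date(2023, 1, 20)}
SAMPLE = """From: Events Team <events@harbour-bakery.example>
Subject: Sponsorship Invitation

A folder "Partnership & Sponsorship" was shared with you.
Open: https://docs-view.invalid/open?id=1
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE, TRUSTED, SERVICE, REGISTERED, date(2023, 1, 20)):
        print(finding)
```

A message from the real domain whose link stays on the file-sharing service returns an empty list, so any finding is a reason to hold the message for review.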
