Vendor email attachments could be phishing bait

If you receive an email with an attachment that you have not asked for, don’t open it before confirming it is valid. One of the latest reported phishing schemes is very hard to beat, says Stu Sjouwerman, CEO of KnowBe4, and it always includes an attachment.

He lists the five step pattern to this scheme:

1) A known vendor or customer falls victim to a phishing attack. Their email credentials are compromised, and the “bad guy” gets access to their email account.

2) The hacker starts by changing the password so that the victim no longer has control.

3) They then comb through past email correspondence, and using the victim’s account, signature, and logo, send out targeted emails crafted to closely resemble legit correspondence they have had with our company in the past.

4) Depending on the “bad guy’s” dedication to his craft, these could be fairly generic, or extremely specific. We’ve received one with an inquiry that referenced a specific real invoice number for that individual.

5) The email always includes a spreadsheet or PDF. The name can be generic, or can be really specific. We’ve received one titled with a specific real invoice number for that individual.

“Because these emails are coming from a real email account for a real business partner, they are very hard to identify,” warns Sjouwerman. “In some cases they are literally impossible to detect, as they are carefully crafted copies of past legitimate emails. Naturally, there are a few that cast a wide net, so they are more generic and often contain corrupted grammar or spelling, but others are indistinguishable from real emails.”

What can you do about this threat?

1) Stress to those in your organization that they should delay opening any attachment until they first ask themselves: DID I ASK FOR THE ATTACHMENT?

2) If they did not request it, before opening the attachment, remind them to double check by using an out-of-band channel, like the phone, to call the sender and ask if they sent an attachment and explain why they sent it.

These extra steps can go a long way in preventing security nightmares. Want to know more? Contact the experts at PrivaPlan today at

Related Posts

Access PrivaPlan Toolkit

Access CMA-PrivaPlan Toolkit

Sign up for updates

Sign up. Learn about Compliance

Subscribe now for up-to-date information about privacy & security compliance! You’ll receive emails regarding news about compliance & alerts for new blog posts.