Fresh Phish: Phishers Impersonate Pfizer in Request for Quotation Scam


Phishers are always trying new things, and they love to bandy about well-known brand names because familiar company logos make people feel comfortable enough to let down their guard. In this particular attack combination, the black hats used both high and low tech to evade anti-phishing radar. The high tech involved newly created and freeware domains, set up to send phishing emails that would not trigger rudimentary email defences (i.e., DMARC analysis of DKIM and SPF records). The low tech was a simple PDF attachment with no poison links or malware in either the attachment or the email itself. These elements were designed expressly to not trigger anti-phishing analysis.

Read more…