“Purchase Order And Quotation Of Best Price” Scam: A Phishing Attempt Disguised as a Business Inquiry

The “Purchase Order And Quotation Of Best Price” scam email is a phishing campaign designed to steal recipients’ email login credentials by masquerading as a legitimate business inquiry regarding a purchase order and quotation. This scam employs social engineering tactics to create a sense of urgency, tricking victims into interacting with malicious attachments or links.

Threat Summary

How the Scam Works

1. Email Disguise:
   • The scam email is sent under the subject line “Important Notice: Delay in Incoming Message Delivery” and appears to originate from a sales manager at Brite Recruitment Ltd.
   • It uses a generic greeting and urgent language to pressure the recipient into taking immediate action.
2. Deceptive Content:
   • The email claims to include a purchase order attachment (e.g., “PDF Reversed Purchase Order-6890”) and urges the recipient to provide a price quotation.
   • The “Download” link leads to a fake Google sign-in page that tricks users into entering their email credentials.
3. Credential Theft:
   • If a recipient enters their email and password, scammers capture the credentials, gaining access to the victim’s email account.
   • Once compromised, the attacker may:
     • Access personal and financial data stored in the victim’s email.
     • Send phishing emails to the victim’s contacts.
     • Use stolen credentials to access banking, social media, and corporate accounts.
     • Sell the credentials on the dark web.
4. Potential Malware Delivery: Some versions of the scam may contain malware-laden attachments (e.g., PDF, Word, or ZIP files). Opening such files can execute malicious scripts that install keyloggers, spyware, or ransomware on the victim’s device.

How to Identify and Avoid This Scam

Warning Signs in the Email

✅ Generic greeting (“Dear {user}”) instead of a personalized salutation.
✅ Urgency and pressure to respond quickly.
✅ Suspicious sender address (email may not match the actual company domain).
✅ Grammatical and spelling errors (e.g., “Best regard” instead of “Best regards”).
✅ Links leading to fake login pages (hover over the link to check the URL).
✅ Unexpected attachments from unknown sources.

Preventive Measures

✅ Verify sender identity: Contact the company directly using official contact details.
✅ Do not open suspicious attachments or click on links from unknown senders.
✅ Enable Multi-Factor Authentication (MFA) for email accounts to prevent unauthorized access.
✅ Use an advanced email security solution to detect phishing attempts.
✅ Scan for malware using a legitimate antivirus tool (e.g., Combo Cleaner for Mac).

What to Do If You Fell for the Scam?

• If you entered your email credentials on the fake site:
• Immediately reset your password for the compromised email account.
• Enable Multi-Factor Authentication (MFA) to secure your account.
• Check for unauthorized activity in your email, banking, and social media accounts.
• Warn your contacts that your email may have been compromised.
• Run a full malware scan to detect and remove any installed threats.

Similar Phishing Scams

This scam is part of a broader trend of business email compromise (BEC) attacks that impersonate reputable companies. Other examples include:

• “Funds Disbursed By Presidential Administration” Scam
• “Account Is Due For Update” Scam
• “Emirates NBD – Secure Banking Notification” Scam

Such scams often use deceptive techniques like spoofed email addresses, fake login pages, and malware attachments to steal credentials or distribute malware.

Conclusion

The “Purchase Order And Quotation Of Best Price” email scam is a fraudulent phishing attack designed to steal email credentials by tricking victims into interacting with a fake purchase order request. Avoid clicking suspicious links, verify senders before responding, and use strong security measures to protect your email and online accounts.