A client of ours recently received a very convincing spam email that appeared to come from a colleague, asking whether they had seen the file mentioned in the subject. Seen this before? I’m sure you have. The difference in this case is that the spammers followed up with a phone call to make it much more convincing.
The body read along the lines of ‘I understand that you have already spoken to John Smith at Company regarding this file’. The name of the person and the company were actually legitimate (taken from a published profile on the company’s website). Not long after the email arrived, a call came in from the person mentioned, asking our client if they had received the file in question.
By looking at the email header we were able to see that the email came from Microsoft’s Hotmail servers, sent from a free account the spammers had created. It’s possible that this is an individual case of a targeted attack, but it is nevertheless a reminder to be vigilant and always be suspicious of any emails (or calls) that you weren’t expecting.
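The header check described above can be scripted. The following is an added example, not code from the original post: the sample message, the `triage` function, the staff name, the `example.com` organisation domain and the webmail list are all constructed assumptions.

```python
from email import message_from_string, policy
from email.utils import parseaddr
import re

# Constructed sample (not the real message): the display name imitates a
# colleague, but the address and earliest relay belong to a free webmail service.
SAMPLE = """\
Received: from mx.example.com (mx.example.com [192.0.2.10])
\tby inbox.example.com with ESMTP; Mon, 1 Jan 2024 10:00:05 +0000
Received: from relay.hotmail.example (relay.hotmail.example [198.51.100.7])
\tby mx.example.com with ESMTP; Mon, 1 Jan 2024 10:00:03 +0000
Return-Path: <jane.doe.files@hotmail.com>
From: "Jane Doe" <jane.doe.files@hotmail.com>
To: staff@example.com
Subject: Have you seen the file?

I understand that you have already spoken to John Smith regarding this file.
"""

FREE_WEBMAIL = {"hotmail.com", "outlook.com", "gmail.com", "yahoo.com"}  # assumed list

def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def triage(raw, org_domain, staff_names):
    """Compare who the mail claims to be from with where it actually came from."""
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg["From"]))
    from_dom = domain_of(addr)
    rp_dom = domain_of(parseaddr(str(msg.get("Return-Path", "")))[1])
    received = msg.get_all("Received", [])
    # Each hop prepends its Received header, so the last one is the earliest hop.
    m = re.search(r"from\s+(\S+)", str(received[-1])) if received else None
    findings = []
    if display.lower() in staff_names and from_dom != org_domain:
        findings.append("display name matches staff but address is external")
    if from_dom in FREE_WEBMAIL:
        findings.append("sender uses a free webmail domain")
    if rp_dom and rp_dom != from_dom:
        findings.append("Return-Path domain differs from From domain")
    return {"from": addr, "origin_host": m.group(1).lower() if m else "",
            "findings": findings}

if __name__ == "__main__":
    print(triage(SAMPLE, "example.com", {"jane doe"}))
```

Only the `Received` headers added by your own mail servers are trustworthy; anything below them was supplied by the sending side and can be forged.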
Stay safe out there!