SCAM OF THE WEEK: Unbottling the Soda Phish
A recent phishing scam discovered by INKY researchers shows how well-known brand names can be used to deceive unsuspecting users. The scam begins with a seemingly harmless email that appears to come from an employee at PepsiCo. The email requests a quote to purchase something your organization is selling and includes a malicious file attachment disguised as a Request for Quote (RFQ). An RFQ is a simple way for an organization to ask different suppliers how much they would charge for a specific good or service.
In this phishing attempt, the cybercriminals spoof the sender's email address so that the message appears to come from PepsiCo. In some cases, they even use an actual PepsiCo employee's name. The email uses common business terms to be more convincing. It also creates a sense of urgency, threatening a consequence if you don't respond quickly. This urgency and the recognition of the PepsiCo brand increase the likelihood that you'll take the bait.
Follow the tips below to stay safe from similar scams:
- Even if the sender appears legitimate, verify the email address and contact the organization through a different method, such as an official organization phone number.
- Beware of urgent requests. Take a moment to review and think critically, especially if the email includes a response deadline.
- Avoid opening attachments or clicking links from unsolicited emails.