Skip to content

The Scam Targeting Senior Managers and Finance Teams

Lantech Nov 13, 2023 12:58:23 PM

Cyber threats are becoming more sophisticated, and the 'Request for Quote' scam is a prime example of this. It’s a devious attack which can compromise your Microsoft 365 account. All Senior Managers and everyone in the finance function – especially those responsible for payments – need to be aware of it. 

Here’s how the scam works and the steps you can take to protect your organisation.

The scam

  • An email arrives asking for a quote for your products or services. The sender of the email says that they will send a specification document for the quote. The source looks legitimate and there’s nothing to raise alarm bells.
  • No specification document arrives. Naturally, you follow up. They reply telling you they will send the document via WeTransfer.
  • You receive the WeTransfer link, which supposedly contains the specification document.
  • The WeTransfer link takes you to a PDF document – just as you’re expecting. But when you download and attempt to open the document you see an image prompting you to 'Click to View Document'.
  • Clicking the image takes you to a bogus Microsoft 365 login page, where you’re asked to enter your credentials and multi-factor authentication code.
  • The scammer now has full access to your Microsoft 365 account and all the sensitive information within.

To sum up, you follow up what seems like a legitimate enquiry, and are presented with what appears to be a legitimate login page. Unfortunately, the deception works because it mimics legitimate business practices – right until the time you click to view that document.

The red flags to watch out for

  • Unsolicited quote requests from unknown sources
  • Delay and change of method to WeTransfer for sending specifications
  • An embedded, clickable image in a PDF.

Safeguarding your business

Cybercrime is a major problem but by following a few simple steps and embedding good practice into your organisation you can reduce your risk.

Verify identities

Always confirm the identity of anyone requesting sensitive information.

Secure communication

Use established, secure methods for sharing business information. Be wary of sudden changes in communication channels.

Train your team

Equip your staff with the knowledge to recognise and report phishing attempts.

Implement robust security measures

Use multi-factor authentication and consider using Azure AD Premium 2.  This identity and access management solution offers additional protection and helps to thwart attackers even if they have your credentials.

Have a response plan

Be ready with a comprehensive plan for security incidents to ensure you can act swiftly and effectively.

Use advanced threat protection

Choose software that can detect and respond to threats in real time.

Be vigilant and proactive

We hope this information will help you avoid falling victim to the Request for Quote scam, but remember, you have to be vigilant – cyber threats are always changing. It’s always preferable to take proactive steps to defend your business rather than trying to repair the damage after an attack.