Threat actors are running a targeted phishing campaign that spoofs Pfizer to steal victims’ financial, confidential, and business information.
Pfizer is a famous pharmaceutical firm known as one of the first companies to provide a potent Covid-19 vaccine. The phishing groups abuse the brand’s reputation to achieve a higher success rate than they would by impersonating lesser-known pharmaceutical companies.
A research group’s latest report explained that the threat actors pose as Pfizer employees in a phishing email campaign that the researchers first discovered in August last year. The actors conducting this campaign are very sophisticated in their phishing methods, combining convincing PDF attachments with newly created domains that imitate an official Pfizer website.
Moreover, they set up email accounts on these newly created domains and send the phishing emails from them to evade email protection services and solutions. The new malicious domains were registered through Namecheap, which accepts cryptocurrency as a payment method, letting the phishing operators hide their identity.
Phishing actors used different Pfizer-themed domains to conduct their attacks.
Researchers discovered four Pfizer-impersonating domains controlled by the phishing actors. The researchers track these domains as ‘pfizer-nl[.]com,’ ‘pfizer-bv[.]org,’ ‘pfizertenders[.]xyz,’ and ‘pfizerhtlinc[.]xyz.’
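Because the campaign relies on sender domains that embed the brand name, a mail filter can flag any sender-related header whose domain contains the brand but is not on an allow-list. The following is an added example, not code from the researchers' report; the allow-list entry, the mailbox names, and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

BRAND = "pfizer"
OFFICIAL_DOMAINS = {"pfizer.com"}  # assumption: replace with your vetted allow-list
SENDER_HEADERS = ("From", "Reply-To", "Return-Path")

def refang(value: str) -> str:
    """Turn defanged 'name[.]tld' notation back into a plain domain string."""
    return value.replace("[.]", ".")

def sender_domains(raw_message: str) -> dict:
    """Map each sender-related header to the lower-cased domain of its address."""
    msg = message_from_string(raw_message)
    found = {}
    for header in SENDER_HEADERS:
        _, addr = parseaddr(refang(msg.get(header, "")))
        if "@" in addr:
            found[header] = addr.rsplit("@", 1)[1].lower().rstrip(".")
    return found

def is_official(domain: str) -> bool:
    """True for an allow-listed domain or any of its subdomains."""
    return any(domain == d or domain.endswith("." + d) for d in OFFICIAL_DOMAINS)

def flag_lookalikes(raw_message: str) -> list:
    """Return (header, domain) pairs that carry the brand but are not official."""
    return sorted((h, d) for h, d in sender_domains(raw_message).items()
                  if BRAND in d and not is_official(d))

# Constructed sample messages (mailbox names are made up; the two lookalike
# domains are the defanged ones listed in the article).
SPOOFED = (
    'From: "Pfizer Procurement" <rfq@pfizer-nl[.]com>\n'
    "Reply-To: quotes@pfizertenders[.]xyz\n"
    "Subject: Request for Quotation\n\n"
    "Please see the attached RFQ.\n"
)
OFFICIAL = "From: procurement@pfizer.com\nSubject: Request for Quotation\n\nBody\n"
UNRELATED = "From: sales@example.org\nSubject: Invoice\n\nBody\n"

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("official", OFFICIAL),
                      ("unrelated", UNRELATED)):
        print(name, flag_lookalikes(raw))
```

Checking Reply-To as well as From matters here, since the campaign asks recipients to send their quotes back to one of the impersonating domains.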
The phishing emails sent by the threat actors usually contain urgent quotations, industrial equipment-related topics, and invitations to bid. Since medical practitioners recently discovered the Omicron variant, phishing actors are exploiting the fact that most people are in a state of panic to spread malicious emails.
In addition, the researchers examined 400 samples of phishing emails. It turned out that these emails contain three-page PDF documents that lay out payment terms, transactions, due dates, and other information that makes the request for quotation look legitimate.
Once a recipient is convinced or deceived by the email, the actors ask them to send their quotes to one of the impersonating Pfizer domains mentioned earlier. Even though the exact objective of the campaign is not yet known, the fact that payment transactions appear in the PDF suggests that the phishing actors will need the recipient’s cooperation in handing over their banking information.
Therefore, if a recipient of such phishing emails provides their payment details, threat actors could use them for future malicious campaigns such as BEC (Business Email Compromise), scams, fraud, and more. Cybersecurity experts advise anyone who encounters these emails to remain calm and not let panic make the decision. Instead, call an official company employee to confirm they received the email.