A spate of hyper-realistic phishing and ransomware schemes masquerade as customers.
Typically, targets get an email from a customer in their database. The email is a reply to a genuine marketing email they sent out. The customer's name is real. The email appears to be an order but it has an encrypted attachment.
DO NOT open the attachment.
Companies do not communicate with attachments to emails. Or, if they do, the recipient expects the attachment.
Before opening any unexpected attachment, call the customer. Make sure you use a phone number from the company's website, not one included in the email.
