Cybersecurity Horror Story: A Phishy Contract Nearly Ends in Tragedy

A digital marketing agency and client of an MSP is offered a big contract by a retail chain. Could the email be his dream come true—or his worst nightmare?
Cybersecurity Horror Stories 2024 (2)Charlie’s phone buzzed with an email notification—an ordinary Thursday suddenly felt anything but ordinary. He swiped to see a message from “Diana Price” at the massive retail chain, Plantain Nation. He wasn’t used to this kind of outreach from such a prestigious brand, and his curiosity mixed with disbelief—why would Plantain Nation reach out to his small digital agency?

The message was filled with just the right mix of professionalism and flattery. Diana described an upcoming marketing campaign aimed at expanding their presence in new markets. The email spoke of a generous budget—$45,000 to $80,000 per month for the initial phase—an offer almost too good to be true. Charlie felt his pulse quicken as he read, thinking what a coup it would be to snag such a big client.

Something felt off. The email address—’[email protected]’—didn’t look right, and there was a Dropbox link inviting him to download a zipped document. Despite the professional tone, a sense of foreboding lingered. The offer was incredibly enticing, but what shadows lurked therein?

Still, Charlie clicked the link. The Dropbox page loaded cleanly, and inside was a trove of legitimate-looking files—campaign videos, glossy images, marketing plans—except for one odd item. A file named “Plantain-Marketing-Details.exe,” almost a gigabyte in size. Unease burbled in Charlie’s stomach. Why would a marketing document include a giant executable file?

The promise of prestige tempted Charlie. But that .exe file … it felt wrong. He emailed his friend Joshua, a cybersecurity expert, to get a second opinion. When Joshua replied, he didn’t mince words: “That .exe file—it’s got to be a payload. Keylogger, malware, something. This is absolutely a scam, Charlie.” Joshua’s words hit like a splash of cold water. Charlie felt the rush of adrenaline drain away, leaving behind the stark realization—he had almost walked into a trap.

Joshua went on to analyze the executable file and told Charlie it contained a keylogger—something designed to lurk in Charlie’s system, silently capturing every keystroke and sending it off to a remote server, and also a RAT, a bit of malicious software that could allow an attacker to remotely access Charlie’s computer at will, controlling his webcam, microphone and capturing his screen. Joshua also pointed out that Charlie may have gotten lucky, a gigabyte executable file was awfully sloppy, in his view. Joshua said that more sophisticated attackers would make a much smaller file and give it a .lnk or a .scr extension, making it less obvious as malicious. And they also could have included credential-stealing links in the PDF files but did not. Joshua told Charlie he did a great job slowing down and not running the executable, but also that he was fortunate these scammers were not more thoughtful.

The next morning, Charlie received another email from “Plantain Nation.” A follow up on the contract offer, except the signature was no longer Diana Price, now it was Clair Banks. Charlie stared at the screen, his finger hovering over “delete”. Anger mixed with relief—he had almost fallen for it. The lies were precise enough to fool even someone cautious like him.

Charlie deleted the email, a chill lingering. It wasn’t the lost opportunity—it was how close he came to exposing everything, saved only by a scammer’s sloppy mistake.

Joshua Headshot - Red Shirt - 2022 325 copyWarning Signs Charlie Almost Ignored:

  • Suspicious email address: An unfamiliar domain: ‘plantainnation-int.com’ instead of ‘plantainnation.com’
  • File sharing via Dropbox: A genuine partnership from a major brand would not likely involve downloading executable files from Dropbox
  • Identity inconsistencies: Changing names—from Diana Price to Claire Banks—and suspicious LinkedIn profiles
  • Too-good-to-be-true offer: A major brand reaching out of the blue with a $45,000 to $80,000 per month offer? Exciting, yes. Realistic? Probably not.

When you receive an unsolicited opportunity, remember Charlie’s story. Pause, verify and think twice before clicking. The next message you receive might not be what it seems … and one wrong move could pull you into the shadows. And if you have a cybersecurity expert friend like Charlie did, reach out BEFORE taking action. It just might save you.

Joshua Peskay is the CISO at RoundTable Technology.

Make cybersecurity a priority in 2025. See how the CompTIA Community can help.

 

Newsletter Sign Up

Get CompTIA news and updates in your inbox.

Subscribe

Read More from the CompTIA Blog

Leave a Comment