At The Identity Organisation, we're here to help!

    Or drop us a mail!

    Your privacy is important to us, and we want to communicate with you in a way which has your consent and which is in line with UK Law on data protection. As a result of a change in UK law on 25th May 2018, by providing us with your personal details you consent to us processing your data in line with current GDPR requirements.

    Here is where you can review our Privacy & GDPR Statement

    To remove consent at any time, please e-mail info@tidorg.com with the word "unsubscribe" as the subject.

    +44 (0) 1628 308038 info@tidorg.com

    Exposed: Scam Artists Mimicking PepsiCo in Phishing Schemes

    Researchers at INKY warn that a phishing campaign is attempting to distribute malware by impersonating PepsiCo.

    “As usual, it all starts with a phishing email,” the researchers write. “In this case, the phishers are impersonating the PepsiCo brand, pretending to be potential clients. They are claiming to need what the recipient sells and they’re asking them to submit a quote for PepsiCo to review. What the would-be victim doesn’t know is that attached to the email is a malicious disk image, disguised as a RFQ (Request for Quote). One click will infect the victim’s computer.”

    INKY explains that the emails are fairly convincing and detailed in terms of business jargon:

    1. “As mentioned, the sender’s email address was spoofed. What shows is me@pepsico[.]com and the sender’s display name uses that of an actual PepsiCo employee who is responsible for procurement management.”
    2. “It is becoming common practice for cybercriminals to create phishing emails with a good amount of detail so they seem more convincing. You’ll notice this email comes with a lot of information, as well as a threat their RFQ could be rejected if they don’t follow the specific instructions outlined in the email.”
    3. “A common phishing technique is to create urgency. The phisher does that by imposing a deadline for the RFQ.”

    INKY notes that the attackers chose to impersonate PepsiCo in order to cast a wide net for potential targets.

    “With phishing emails, it’s important to choose a brand that prompts readers to act,” the researchers write. “PepsiCo’s product portfolio boasts more than 500 different brands, including its flagship Pepsi product, Frito-Lays, Gatorade, Quaker, Lipton, Doritos, Rold Gold, Starbucks RTD beverages, and many more. With 291,000 employees located all over the world, PepsiCo is a global powerhouse. The way in which this phishing email was deployed also aids in its success. To evade geographical filters, these emails were sent from several U.S.-based virtual private servers controlled by bad actors. Also, the phishers used a ‘spray and pray’ technique – meaning they sent out large quantities of the email in hopes that a percentage of recipients would fall for the scam and click on the malicious link.”

    KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

    INKY has the story.

    Free Phishing Security Test

    Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

    Here’s how it works:

    • Immediately start your test for up to 100 users (no need to talk to anyone)
    • Select from 20+ languages and customize the phishing test template based on your environment
    • Choose the landing page your users see after they click
    • Show users which red flags they missed, or a 404 page
    • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
    • See how your organization compares to others in your industry
    Go Phishing Now

    PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/phishing-security-test-partner?partnerid=001a000001lWEoJAAW

    Sign Up to the TIO Intel Alerts!

    Back To Top