December 19, 2018

Good day, welcome to another bulletin from Breaking Scams…

Scam, just in…


Scams are coming thick and fast at present, with Fourthline Recruitment becoming the latest victim.  News on this one is spreading fast, especially given that Fourthline are specialists in placing people in data protection related roles.


The email itself looks fairly convincing, particularly as the vast majority of emails we are aware of address the recipient by their first name.  Hopefully there will have been a few red flags spotted thanks to user vigilance (again highlighting the need for effective, ongoing, security awareness training). This is what the email looked like:

phishing email

This is why it was so convincing:

  1. It is reported to come from a genuine Fourthline email account (as a result of an account being compromised as confirmed by Fourthline)
  2. It is addressed to the specific user (we’ve blurred this out for privacy reasons)
  3. It capitalised on a brand that many infosec and data protection professionals both use and trust
  4. Given that the emails seem to only be targeted at current Fourthline customers (of which there are many), this makes the phishing email all the more believable as they are likely to have ongoing commercial relationships – and therefore, expecting invoices.


The email itself had a few red flags however:

  • The “Review and pay” button showed a malicious link
  • There is the use of an exclamation mark, informing them of their invoice
  • … Lastly, there’s the consideration as to whether it was expected or not?  In this case, cybercriminals will be hoping that the long standing relationships with Fourthline will be compromised as busy professionals would either action or forward for actioning, suspecting it to be authentic.


How did I end up with a scam email in my inbox?


Fourthline are aware of the issue and a statement on their webiste reports:

If you have received an email from us regarding an invoice, please delete and ignore this immediately as our account has been compromised. We are currently investigating this as a matter of urgency and will update you in due course. We can only apologize at this time.

If you receive an email from Fourthline asking for an invoice payment, do not click on any of the links in the email.


Why not help your colleagues in infosec stay safe and share this post – or, alternatively, feel free to copy and paste the below for sharing:


Fourthline Invoice Scam Notice

Look out for a suspicious email which uses the Fourthline recruitment brand, suggesting there is an outstanding invoice requiring your attention. This is a scam email and clicking on any links will take you to a malicious website.


If you receive an email of this nature, ignore it. DO NOT click ANY links in the email.


If you receive an email like this and are concerned, you can report it to Action Fraud, The National Fraud and Cyber Crime Reporting Centre.


Don’t forget to share this with your colleagues and friends and help them stay safe.


Let’s keeping breaking scams!

Share this: