Phishing Attack on Manufacturers Spotted in Kaspersky Campaign Report
Phishing attack on manufacturers uses fake buyer emails and cloud PDF scam pages to steal corporate logins
KASPERSKY – (Staff Report/News Desk) – Security researchers at Kaspersky have flagged a new phishing attack on manufacturers spreading across Europe, Asia, and the Middle East. The Kaspersky phishing campaign started in April 2026 and is still active today, targeting factories and production companies with fake business emails.
The scam begins in a simple way. Hackers send an email pretending to be an interested buyer. They ask normal business questions, like product pricing or stock availability. This makes the email look real and harmless at first glance.
Once the target replies, the trap moves forward. The fake buyer sends a link, claiming it leads to technical specifications for the product. Sometimes this link comes right away. Other times, attackers chat back and forth first to build trust before sending it.
Clicking the link takes the victim to a page designed to look like a well-known cloud PDF service. It looks familiar and trustworthy, which is exactly the goal. The page asks the user to log in with their corporate email and password.
The excuse given is security. The fake page claims this login step is needed to stop unauthorized file access. In truth, this step hands the victim’s company credentials straight to the attackers.
Kaspersky experts say this shows how phishing attacks are becoming more advanced. Instead of one-step scam emails, attackers now build multi-stage stories. Each step adds trust, making people less likely to notice a scam.
Roman Dedenok, an Anti-Spam Expert at Kaspersky, explained that criminals now study companies closely before attacking. They build custom stories to match how manufacturing businesses actually work. This makes the emails feel more real and harder to spot.
Dedenok also pointed out that many attackers now use AI tools. These tools help create phishing emails faster and can even automate replies during conversations with victims. This raises the risk for companies that do not have strong email security.
To fight back, Kaspersky suggests a few key steps. Companies should use trusted mail security software that can detect phishing, spam, and fake login pages before they cause damage. Businesses should also use threat intelligence services to stay updated on new scam tactics.
Employee training matters just as much as software. Kaspersky recommends regular cybersecurity awareness courses so staff can recognize suspicious emails before clicking any link.
As phishing attacks grow more advanced, manufacturers remain a major target due to valuable supplier and buyer communication. This Kaspersky phishing campaign is a clear reminder that even routine business emails can hide serious cyber threats.
Companies that stay alert, train their teams, and use strong email protection tools are far less likely to fall victim to these evolving scams.
Comments are closed, but trackbacks and pingbacks are open.