“Purchase Order And Quotation Of Best Price” Scam

Cybercriminals are constantly developing new ways to steal sensitive information, and one of the latest phishing scams making the rounds is the “Purchase Order And Quotation Of Best Price” email scam. This fraudulent email is designed to appear as an urgent request for a quotation based on a fake purchase order. Its goal is to trick unsuspecting victims into entering their login credentials on a phishing website, allowing cybercriminals to gain unauthorized access to their email accounts.

Falling for such a scam can lead to identity theft, financial loss, and unauthorized access to business-sensitive information. This article will detail the nature of the scam, provide a step-by-step removal guide, and outline preventive measures to safeguard against similar threats in the future.

Threat Overview

Below is a detailed breakdown of the “Purchase Order And Quotation Of Best Price” phishing scam:

Attribute	Details
Name	Purchase Order And Quotation Of Best Price Email Scam
Threat Type	Phishing, Scam, Social Engineering, Fraud
Fake Claim	Email contains a purchase order and requests a price quotation
Disguise	A sales manager from Brite Recruitment Ltd.
Email Subject	“Important Notice: Delay in Incoming Message Delivery”
Attachment	“PDF Reversed Purchase Order-6890” (Fake PDF)
Malicious Link	Leads to a phishing site posing as a Google login page
Purpose	Steal email login credentials, which can be used for further cybercrimes
Distribution Methods	Deceptive emails, malicious links, fake attachments
Potential Damage	Email account compromise, identity theft, financial fraud, malware infections
Recommended Security Tool	Scan with Combo Cleaner Antivirus for Mac

How Does the Scam Work?

The scam follows a structured pattern designed to deceive the recipient:

1. Victim receives a fraudulent email appearing to be from a legitimate company (e.g., Brite Recruitment Ltd.), with an urgent request to check a purchase order and provide pricing details.
2. The email includes a PDF attachment or a download link labeled as “PDF Reversed Purchase Order-6890.”
3. Clicking the link redirects the victim to a phishing site disguised as a Google login page, claiming the session has expired.
4. If the victim enters their email and password, the credentials are stolen and sent to the attackers.
5. Cybercriminals misuse the credentials to gain access to email accounts, send additional phishing emails, search for sensitive information, or attempt to hack into other accounts using the same login credentials.
6. Stolen information can also be sold on the dark web, further endangering victims.

Comprehensive Removal Guide

If you have interacted with the scam email or suspect that your credentials have been compromised, follow these steps to remove any associated threats and secure your accounts:

Step 1: Change Your Password Immediately

• If you entered your credentials, change your email password immediately.
• Use a strong password (at least 12 characters, including numbers, symbols, and uppercase and lowercase letters).
• If possible, enable multi-factor authentication (MFA) to add an extra layer of security.

Step 2: Scan Your Computer for Malware

• Phishing emails can sometimes include malicious attachments that install malware on your device.
• Run a full system scan using SpyHunter or another reputable anti-malware tool.
• Quarantine and remove any detected threats.

Step 3: Secure Other Online Accounts

• If you reuse passwords across multiple accounts, change them immediately.
• Attackers may attempt to gain access to banking, social media, and cloud storage accounts.
• Use unique passwords for every account and consider using a password manager.

Step 4: Check for Unauthorized Activity

• Review recent login activity in your email settings.
• Look for any unauthorized access or unknown devices logging into your account.
• If suspicious activity is detected, log out of all devices and reset security questions.

Step 5: Report the Phishing Email

• Report the scam email to your email provider (Gmail, Outlook, Yahoo, etc.).
• If the email impersonates a real company, notify the company’s IT or security department.
• Report the phishing attack to authorities like the FTC (U.S.) or Action Fraud (UK).

Step 6: Delete the Phishing Email Permanently

• Do not reply to the scam email or click on any links.
• Move the email to spam or junk and delete it.
• Warn colleagues or family members if they might have received similar messages.

How to Prevent Future Phishing Attacks

Cybercriminals are constantly evolving their tactics, so it’s essential to stay vigilant. Follow these best practices to avoid phishing scams in the future:

Verify the Sender’s Email Address

• Check for misspelled domains or unusual email addresses.
• Legitimate companies use official domains, not free email services like Gmail or Yahoo for professional correspondence.

Be Cautious of Unexpected Attachments and Links

• Do not open unexpected PDFs, Word documents, ZIP files, or links.
• Hover over links to check the actual URL before clicking.
• If unsure, verify with the sender through a separate communication channel.

Enable Multi-Factor Authentication (MFA)

• MFA adds an extra layer of security by requiring a second verification step (e.g., SMS code or authenticator app).
• Even if attackers steal your password, MFA prevents them from logging in.

Keep Software and Security Tools Updated

• Ensure your OS, browser, and email software are always up to date.
• Use reputable antivirus and anti-malware software for real-time protection.

Educate Employees and Family Members About Phishing

• Cybercriminals often target businesses and individuals who are unaware of scams.
• Regular training sessions on phishing scams can reduce the risk of falling victim.

Monitor Your Accounts for Suspicious Activity

• Regularly check for unauthorized logins or password reset attempts.
• Set up email alerts for suspicious activity.

Conclusion

The “Purchase Order And Quotation Of Best Price” scam is a dangerous phishing attack aimed at stealing login credentials and sensitive data. By understanding the threat, following the removal guide, and implementing cybersecurity best practices, you can protect yourself and your organization from cybercriminals.

If you receive a suspicious email, always verify the sender, avoid clicking unknown links, and use robust security measures. By staying informed, you reduce the risk of falling victim to phishing scams.