Threat Watch

Phishing Attacks Impersonate Pfizer in Fake Requests for Quotation

Threat actors are conducting a phishing campaign impersonating Pfizer to steal sensitive information from individuals and organizations. Like many other phishing campaigns, the threat actors have created domains that look like they may be legitimate and send emails that invoke a sense of urgency. The initial emails request an organization to quote Pfizer for a purchase of equipment and comes with a PDF document that discusses due dates, payment terms, and other details that constitute a legitimate request for quotation. The document looks valid and can bypass security tools as it does not contain malware dropping tools. It’s likely a social engineering plot, to lure victims in and gain financial information from future interactions. Victims are asked to send their quotes to the newly registered domain addresses created by the threat actors.


Threat actors often use current events to make phishing campaigns and social engineering attacks seem more legitimate. Some best practices to prevent social engineering attacks include:
• Avoid clicking suspicious links or messages
• Research any unknown sources
• Question and verify any urgent call to action
• Enable multi-factor authentication
• Use strong passwords with upper case and lower-case characters, numbers, symbols and ten or more characters total
• Avoid sharing correct personal information when setting up accounts
• Conduct regular user-awareness training for overall cyber security hygiene
• Strengthen your endpoint security with Binary Defense Managed Detection & Response solutions