
The Cleverest Phishing Scam We’ve Seen in a While Hit Our Sales Team Last Week


Last week, our Sales team at Hook Security received an angry email from the CEO of a real company demanding we cancel his account immediately over a fraudulent $200 charge.

Subject line:

[Urgent] Cancelling my account ASAP

There was just one problem.

We’ve never done business with him.
He’s never been a customer.
We’ve never billed him a dollar.

And after a little investigation, it became obvious:

He never sent the email.

This was a sophisticated phishing and social engineering attack designed to target support and sales teams through shared inboxes like sales@, support@, and billing@.

Honestly, it’s one of the cleverest phishing pretexts I’ve seen in a long time.

Why This Phishing Scam Works

Most people still imagine phishing emails as obvious scams filled with broken English, fake invoices, or suspicious links.

Modern cybercriminals are getting smarter.

This attack avoided nearly every traditional phishing red flag:

  • No malicious link in the first email
  • No request for payment
  • No attachment
  • No immediate ask

Instead, the attacker played the role of an angry customer.

That emotional pressure is the attack.

Support reps are trained to help frustrated people quickly. Sales teams are trained to respond fast. Shared inboxes are designed for speed and customer service.

The attacker weaponized that instinct.

The Real Payload Comes Later

The first email is just the setup.

The moment someone replies with something like:

“I’m not seeing your account in our system. Can you confirm the email address you used?”

…the attacker wins the first stage.

Now they have:

  • A verified human response
  • An active email thread
  • Trust established
  • A real employee engaged in conversation

That’s when the second-stage phishing attack begins.

Maybe it becomes:

  • A fake Stripe receipt PDF
  • A malicious invoice attachment
  • A credential harvesting login page
  • A wire transfer “refund” request
  • A business email compromise attempt

The first message isn’t the scam.

The conversation is.

Why This Social Engineering Attack Was So Effective

The attacker made several smart moves:

1. They impersonated a real executive

The name belonged to a legitimate co-founder of a known company. A quick Google search confirmed he was real.

That instantly lowered suspicion.

2. They targeted shared inboxes

Instead of aiming directly at a CFO or executive, they targeted general-purpose inboxes monitored by busy employees handling dozens of requests per day.

That’s a much softer target.

3. They used emotional urgency

Angry customer emails trigger immediate action. Nobody wants to ignore a billing complaint from a CEO.

The attacker relied on human psychology rather than on technical tricks.

The Biggest Cybersecurity Lesson Here

This is exactly why cybersecurity awareness training can’t just focus on “don’t click suspicious links.”

Modern phishing attacks are increasingly built around:

  • Emotional manipulation
  • Conversation hijacking
  • OSINT (Open Source Intelligence)
  • Trust exploitation
  • Human behavior

Attackers know people are easier to manipulate than firewalls.

And honestly?

We do this for a living and it still landed in our inbox.

That’s what makes modern phishing so dangerous.

A Few Practical Takeaways for Your Team

Verify the actual sender address

Display names are theater. Always inspect the real email address before trusting the message.

Shared inboxes are high-risk targets

Your sales reps, support staff, and billing teams are increasingly frontline cybersecurity targets.

Slow down emotionally charged requests

Urgency is one of the oldest and most effective social engineering techniques.

Validate unknown billing complaints carefully

If someone claims they were charged by your company but you have zero record of them in your CRM or billing platform, pause before engaging.

Cybersecurity Is a Human Problem First

At Hook Security, we talk a lot about Psychological Security because modern phishing attacks are designed to manipulate people, not just bypass software.

The technology matters.

But understanding human behavior matters just as much.

And attacks like this are proof of that.
