We are seeing a high number of malicious emails that are coming from real (but compromised) local email addresses claiming to be the following.
- Bid
- Project
- Quote
- Invoice
Because these are coming from local construction, utility, and trade companies, the malicious emails are being opened at a high rate — and the “project” link is being clicked — at which point the link downloads an executable file that gives the attackers full access to the local system.
Within minutes the hackers use the local system (and any/all email accounts on it) to resend the malicious email to everyone in the contacts of that mailbox. The subject lines and contents of the emails are changing with every pass — so spam and anti-phishing filtering are not able to kill them all. Again, these are coming from REAL users and thus REAL mailboxes, making them look legitimate to even the most trained AI and human.
The key to stopping this spread.
- If you are not expecting an email about a project, DO NOT open.
- Even if you know the sender and might be working on a project, CALL THEM to see if they sent the referenced bid/quote/etc. Do not reply to the email, but contact them via phone or text instead.
- As a general rule, you should not be prompted to login to Microsoft or Google to view projects or prompted to allow something to install — both of which are red flags.
- If you see a link or attachment that ends in exe, or a link that tries to download an exe — STOP — and contact your IT partner immediately.
Please contact your IT partner or contact the VCDC at 605-624-5571 to be referred to a member IT company.
-
Hanna DeLange Communications & Tourism Specialist
- February 06, 2026
- (605) 624-5571
- Send Email
