{"id":30721,"date":"2026-07-08T17:40:58","date_gmt":"2026-07-08T16:40:58","guid":{"rendered":"https:\/\/www.kaspersky.co.uk\/blog\/manufacturing-phishing-2026\/30721\/"},"modified":"2026-07-08T17:41:06","modified_gmt":"2026-07-08T16:41:06","slug":"manufacturing-phishing-2026","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.uk\/blog\/manufacturing-phishing-2026\/30721\/","title":{"rendered":"Targeted phishing attacks on manufacturing companies"},"content":{"rendered":"<p>We have identified a new targeted phishing campaign in which cybercriminals attempted to attack manufacturing companies. The attack employed a multi-stage approach \u2014 before sending the phishing link directly, the attackers engaged in correspondence with the victim to lower their guard. The email texts were apparently generated using large language models. As of this post\u2019s publication, the attack is still ongoing, so we recommend staying vigilant!<\/p>\n<h2>Phishing scheme<\/h2>\n<p>The attackers attempt to pose as potential clients. The emails are sent from addresses registered on free email services \u2014 these services do not have a known bad reputation, and are often actually used for business correspondence, especially by small companies. Regardless of the victim\u2019s native language (and we\u2019ve seen attacks targeting companies in Russia, the Czech Republic, Malaysia, and Egypt), the attackers\u2019 emails are always written in English.<\/p>\n<p>In the first email, the attackers ask questions about the products being offered, citing actual product names. This indicates thorough preparation for the attacks \u2014 the attackers do not send identical emails to manufacturing companies with similar profiles, but rather carefully research publicly available information about each victim online. If someone responds to the first email, the attackers continue the correspondence. Sometimes, before moving directly to their objective \u2014 extracting credentials from corporate email accounts \u2014 they exchange several messages in which, as a distraction, they clarify certain details or ask additional questions. But more often than not, they send the phishing link as early as the second email.<\/p>\n<p>The attackers send detailed specifications for a product they claim to be interested in, ask if the product can be engraved according to a sketch, or use any other pretext to try to get the victim to open the file they\u2019ve sent.<\/p>\n<div id=\"attachment_56099\" style=\"width: 1585px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2026\/07\/08174104\/manufacturing-phishing-2026-letter.jpg\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-56099\" class=\"wp-image-56099 size-full\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2026\/07\/08174104\/manufacturing-phishing-2026-letter.jpg\" alt=\"A chain of emails ending with a phishing link\" width=\"1575\" height=\"893\"><\/a><p id=\"caption-attachment-56099\" class=\"wp-caption-text\">A chain of emails ending with a phishing link<\/p><\/div>\n<h2>Phishing website<\/h2>\n<p>In reality, there is no file at all. The phishing site that opens when victim clicks the link mimics a popular cloud service for working with PDF documents. The \u201cDownload\u201d button leads to a login form where the victim is asked to enter their work email address and password to access the confidential file. Of course, this is \u201cfor security purposes.\u201d If an employee of the targeted company doesn\u2019t stop to think about why they would enter their corporate login credentials on a completely unrelated website \u2014 one that clearly has no way of verifying their authenticity \u2014 then their email address and associated password will be sent to the attackers\u2019 server.<\/p>\n<h2>How to stay safe?<\/h2>\n<p>Modern phishing attacks are becoming increasingly sophisticated and, thanks to attackers\u2019 use of AI tools, even more convincing. That\u2019s why, first and foremost, we always recommend periodically <a href=\"https:\/\/k-asap.com\/en\/?icid=gb_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder____kasap___\" target=\"_blank\" rel=\"noopener\">raising employee security awareness<\/a>. And to ensure they have to put this knowledge into practice as rarely as possible, it is recommended to deploy a security solution at the email gateway level. Specifically, our <a href=\"https:\/\/www.kaspersky.co.uk\/small-to-medium-business-security\/mail-security-appliance?icid=gb_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener\">Kaspersky Secure Mail Gateway<\/a> detects this phishing attack even before the attackers move on to the actual phishing attempt.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kesb-trial\"><input type=\"hidden\" class=\"placeholder_for_banner\" data-cat_id=\"kesb-trial\" value=\"24151\">\n","protected":false},"excerpt":{"rendered":"<p>Before launching a phishing attack, attackers initiate correspondence with the victim.<\/p>\n","protected":false},"author":2598,"featured_media":30724,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1836,2360],"tags":[1043,19,76],"class_list":{"0":"post-30721","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-enterprise","9":"tag-ai","10":"tag-email","11":"tag-phishing"},"hreflang":[{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/manufacturing-phishing-2026\/30721\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/manufacturing-phishing-2026\/30884\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/manufacturing-phishing-2026\/25919\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/manufacturing-phishing-2026\/42241\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/manufacturing-phishing-2026\/56097\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/manufacturing-phishing-2026\/30833\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/manufacturing-phishing-2026\/36387\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/manufacturing-phishing-2026\/36283\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.co.uk\/blog\/tag\/phishing\/","name":"phishing"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/30721","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/users\/2598"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/comments?post=30721"}],"version-history":[{"count":1,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/30721\/revisions"}],"predecessor-version":[{"id":30723,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/30721\/revisions\/30723"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/media\/30724"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/media?parent=30721"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/categories?post=30721"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/tags?post=30721"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}