There’s been a recent rash of phishing emails that include PDFs purporting to be outstanding invoices, proof of payment, subscription renewals, or changes to payment instructions. The email has a PDF attachment and may also ask for credentials or ask you to click a link to pull the original invoice or proof of payment. This is a targeted and personalized campaign. In one instance, the recipient did not touch any links but replied to the email asking for confirmation of the transaction and received a personalized reply saying it was real – the sender’s email had been compromised.

The lessons here are: as always, NEVER click on any link and NEVER accept new payment instructions (different account, pay by wire, etc.) without a multi-day process with phone calls and a Zoom to verify the new details. DON'T just reply to the email to check; the attacker will (of course) say the change is approved. For financial transactions, we always recommend you confirm with the person directly – via a telephone call. If you receive what looks like a suspicious email from a known contact, it is likely their email has been compromised. Therefore, the only way to verify is to call the person directly at a number you already have on file, not the number in the email. This is particularly important when sending wire transfers, payments, or any kind of financial information.

If you are a Hybridge client and are ever in doubt about whether an email is legitimate, please send the email to support at Hybridge.com and we will be happy to investigate.

