Payment confirmations are essential in business. You need to know a payment has been processed.
That also makes it a prime candidate for a scam.
In this attack, missed by Proofpoint, the end-user sees what looks like a payment confirmation notice. Here's what the email looks like:
Should they click on the attachment, the site they're directed to is not legitimate:
One of the many reasons our AI detected this as phishing was due to an insignificant historical reputation with the sender. Avanan research has found that 84.3% of all phishing emails do not have a significant historical reputation with the victim.