A phishing campaign is targeting small businesses across Europe, Asia, the Middle East, and the United States with emails that impersonate Interpol’s cybercrime investigation unit, researchers at Bitdefender report.
“Recipients are told that investigators have obtained information and video material related to their organization and are encouraged to review the evidence as soon as possible,” Bitdefender says. “The message is carefully crafted to create anxiety. Nobody wants to receive an email suggesting their company may be involved in suspicious or fraudulent activity or under investigation. To review the alleged evidence, recipients are directed to a Proton Drive link containing a password-protected archive. The password is conveniently included in the email itself. Once opened, the archive appears to contain a video file documenting the supposed activities under investigation. Instead, the victim is greeted with malware.”
Once installed, the malware deploys ransomware on available drives and tells the victim to contact the attackers to pay a ransom.
“One of the biggest red flags in this campaign is the delivery method itself,” the researchers write. “While the attackers impersonate Interpol, legitimate law enforcement agencies don't send unsolicited emails containing Proton Drive links to password-protected files and ask organizations to review alleged evidence of wrongdoing. If you receive a message like this, resist the urge to investigate on your own. Instead, verify the communication through official channels before opening any attachments or downloading files.”
The researchers note that small businesses are often particularly vulnerable to these types of attacks.
“Small businesses are often viewed as easier targets than large enterprises,” Bitdefender says. “Many operate without dedicated IT teams or cybersecurity staff. Security responsibilities are often shared among employees who already wear multiple hats, and limited budgets can make it difficult to invest in advanced security measures or ongoing training. When an alarming email arrives claiming to involve investigators, compliance issues, or evidence of misconduct, there may be no formal process for verifying the claims before someone clicks. Attackers understand this reality and design campaigns specifically to exploit it.”
Bitdefender has the story: Fake Interpol investigation emails target small businesses with ransomware
