chat
expand_more

Fake RFQ Used in Malware Attack

A request for quote (RFQ) continues to increase in popularity as an attack type, as vendors are likely to open the attachments or click the links associated with these types of email. In this attack, attackers disguise harmful malware as a RFQ...
L Blog Author
Abnormal AI
April 14, 2021

A request for quote (RFQ) continues to increase in popularity as an attack type, as vendors are likely to open the attachments or click the links associated with these types of email. In this attack, attackers disguise harmful malware as a RFQ to encourage recipients to download the dangerous files.

Summary of Attack Target

  • Platform: G Suite
  • Victims: Employees
  • Payload: Malicious Link
  • Technique: Impersonation

Overview of the RFQ Malware Attack

This attack is an impersonation of a “request for quote” (RFQ) from a legitimate, outside organization. The attack originates from the throwaway address “info@req-allparts.com”, with the reply-to address “glennmauldin@zidnei.com”.

By using urgent language, the attacker attempts to coax the recipient to click on the link “Rfq 507890.pdf” without examining it for malicious content. Clicking on the link does not download a PDF or bring the recipient to an external website, but rather forces a malware download.

The downloaded file from the malicious link is a compressed .GZ file, which enables it to circumvent certain malware detectors. Within the compressed file is a text file full of malicious code, including spyware such as a keylogger. If the recipient allows this code to run, the attacker could record everything that the recipient enters into his or her computer or possibly even take complete control of the recipient’s device.

Why the RFQ Malware Attack is Effective

The recipient of this email is likely to open this attachment, given that they believe it to contain information about a RFQ. In addition, many security systems can only detect malware if it is attached to an email in an uncompressed form. Putting malware into a .ZIP folder or a .GZ archive can easily circumvent these security measures.

Abnormal Security prevented this attack by recognizing a number of signals that, when combined, flagged the email as malicious. Some of these signals are contained in the message body, such as the presence of suspicious wording. Others are contained in the message headers, such as the fact that the reply-to address for this email did not match the sender address or any of the links in the email. It is much more difficult for an attacker to hide these kinds of signals than it is to hide the malware.

To learn how Abnormal Security can protect you from malware attacks that others miss, request a demo today.

Fake RFQ Used in Malware Attack

See Abnormal in Action

Get a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

Discover How It All Works

See How Abnormal AI Protects Humans

Product Platform
About Abnormal AI
Get a Demo

Related Posts

B Social Engineering
Credential Phishing
The Art of Social Engineering: The Impressive, The Clever, The Intricate
Today’s targeted cyber attacks are so formidable that legacy defences can’t stop them, and even savvy professionals are being fooled. These examples show how sophisticated they’ve become.
Read More
Blog Cover 1500x1500 Template v3 0 DO NOT EDIT OR DELETE
Threat Intel
Legitimate Senders, Weaponized: How Abnormal Stops Email Bombing Attacks
Email bombing turns trusted sources into a smokescreen, flooding inboxes to distract users and hide follow-up threats.
Read More
B Evil Panel Blog
Threat Intel
EvilPanel: The New Face of Automated AiTM Phishing
EvilPanel is a new phishing toolkit built on Evilginx that provides a full-featured web interface for launching MFA-bypassing attacks.
Read More
B SAT
Data & Trends
From Ineffective to Intelligent: Rethinking SAT with AI-Driven Insights
Discover why traditional security awareness training isn’t reducing human risk and how AI-driven, personalized training can transform SAT effectiveness in 2025.
Read More
B 1500x1500 Through the Looking Glass RSAC 2026
CISO Insights
Through the Looking Glass: A CISO's Take on RSAC 2025
What did RSAC 2025 reveal about the next wave of cyberthreats—and the AI-powered tools to stop them? Abnormal’s Field CISO shares her top takeaways.
Read More
B 5 8 25 AI Inn
Engineering
Abnormal AI Innovation: How Abnormal Accelerates Developer Velocity with MCP
Discover how Abnormal AI accelerates developer velocity with its secure, in-house Model Context Protocol (MCP), integrating tools like GitHub and Jira directly into local environments to streamline workflows without compromising security.
Read More