Interpol impersonation ransomware phishing campaign targeting small businesses
Campaign
Summary
Hide ▲
Show ▼
A phishing campaign is using Interpol impersonation to reach small businesses across Europe, Asia, the Middle East and North America, creating a broad ransomware-delivery risk. Emails claim to come from the Cybercrime Investigation Unit and push recipients to open a supposed evidence file. The lure routes victims through a Proton Drive link and password before presenting an executable disguised as a video file. If opened, the payload can compromise systems and drive ransomware extortion through Tox contact.
Timeline
-
01.07.2026 03:00 2 articles · 8d ago
Interpol impersonation phishing campaign delivers ransomware payloads
Initial DisclosureBitdefender Antispam Lab describes a phishing campaign in which cybercriminals impersonate Interpol's Cybercrime Investigation Unit to target small businesses across Europe, Asia, the Middle East and North America. The emails claim the recipient may be linked to suspicious or fraudulent activity, point to a password-protected Proton Drive file, and lead to an executable disguised as a video file that can compromise systems with ransomware; the ransom note then directs victims to contact the attackers through Tox.
Show sources
- Cybercriminals Pose as Interpol in Phishing Emails to Infect Victims With Ransomware — www.infosecurity-magazine.com — 02.07.2026 15:00
- Cybercriminals Pose as Interpol in Phishing Emails to Infect Victims With Ransomware — www.infosecurity-magazine.com — 02.07.2026 15:00