Security News > 2022 > May > Historic Hotel Stay, Complementary Emotet Exposure included
Abuse of trust relationships, even those as minute as the domain name for a hotel you may have stayed at two months ago, will yield better results for the actor attempting to convince an executive to interact with their email lure.
The message appears to originate from a historic hotel, Hotel Warner, which opened in 1930, this hotel has been a member of "Historic Hotels of America" since 2016.
Looking at the headers of the message, we can see a vanity spoof within the FROM field that will appear later, confirming this email was not sent by Hotel Warner.
Otherwise, we believe the email would have originated from the hotel's domain.
The message body was sent in plain text as opposed to a combination of text and HTML. While we've seen other samples that are also purely plain text, it's valuable to note that the target for this campaign has an email policy that will drop any HTML formatted emails.
At the time of this publication, no other guests of the hotel have come forward reporting having received the same email.