Recently, a number of legitimate PR firms have been hacked and their media contacts stolen.
The criminals attach a Google drive share file or other shared file for you to click on. DON'T click it. It is a whaling attempt at the least, and a malicious payload more likely.
I've xxx'd out the personal information on the victim at the pr firm that was hacked in this message below:
> From: Sammy Txxx <firstname.lastname@example.org>
> Sent: Tuesday, June 28, 2016 10:36 AM
> Subject: IMPORTANT - email@example.com shared a file
> I've shared items with you below for (President/CEO)
> File(Via google drive)
> Google Drive:Have all your files download with anywhere
Note that the return email actually resolved to a dummy site registered in Jakarta. The criminals simply used the real email address in the subject header and didn't even try to get their English right.
I've contacted the real PR company and they know that their press email addresses have been hijacked and are working to alert everyone to the problem. I've also had the fake domain name, "exodigitalagency.com" blocked.
Meanwhile, other reputable PR firms tell me they are also falling victim to account hijacking and their email addresses stolen and used to send such files to us members of the press.
So press members, please beware of anything coming from what looks like a legit PR firm with attachments or links, particularly if you weren't expecting them. Don't respond or the criminals will know you are a real target to go after. And block the criminal domains the emails actually resolve to.
Otherwise the bad guys will keep coming at us with better crafted messages because no matter what the PR firm does now to stop this, the criminals have all of our email addresses.