Fake Sales Leads Are Targeting Companies, and They’re Getting Harder to Spot.

Cybercrime has become a trillion-dollar industry. By the end of 2026, it is estimated that nearly half of global organisations will have experienced some form of malicious compromise.

While a significant proportion of attacks continue to target consumers, we are now seeing an increasing and coordinated effort by cyber criminals to directly target organisations themselves. A growing focus is emerging around one specific function: sales teams.

In this article, I want to outline the new types of attacks we are seeing, how they work, and what organisations can do to reduce their risk.

A new kind of risk.

Attackers are shifting away from purely technical system hacks targeting IT teams and administrator accounts. Instead, they are infiltrating relationships within sales pipelines. This approach is particularly effective against busy sales professionals who are trained to respond quickly and build rapport with potential clients, including unfamiliar contacts.

These attacks typically rely on social engineering rather than technical exploits. They manipulate trust and take advantage of common sales channels such as website contact forms and public-facing email addresses where new enquiries are routinely received.


One click away from a breach.

These attacks commonly prompt users to log into fake portals that expose their Microsoft credentials, request document downloads via trusted messaging platforms, or introduce malicious attachments after an initial conversation has been established.

Once a user is exposed, the hackers can extract data or credentials and may automatically propagate the attack by sending similar messages to everyone in the user’s contact list. While many of these methods are not new, the entry point is. Combined with AI-driven automation and personalisation, these attacks are proving highly effective at scale.

Exposing relationships, not technology exploits.

The impact of these attacks is especially significant in sectors such as accounting and finance. A compromised inbox or stolen credential can expose sensitive client data, trigger regulatory obligations, and erode trust built over years.

In many cases, the damage is not contained. Clients lose confidence, regulators request explanations, and reputational harm can spread faster than remediation efforts. This highlights why cybersecurity can no longer sit solely with technology teams. Every employee interaction contributes to organisational risk, particularly those on the frontline.

What can you do, today, as in right now.

These attacks are already happening and are evolving quickly. The most effective immediate action is to empower your people. Sales teams form a critical layer of defence for both the organisation and its clients.

Cybersecurity is no longer a distant technical issue. It exists in everyday business activity, from emails and LinkedIn messages to shared documents and sales conversations. When organisations treat cybersecurity as an IT-only responsibility, they create blind spots that attackers actively exploit.

Send a simple message to your team today reminding them that sales leads can be malicious. Encourage them to pause, verify links, and avoid sharing credentials or files without due care.

Follow this with targeted training focused on common attack techniques. We consistently see strong results in organisations that run annual accreditation or refresher programmes to reinforce fundamentals and introduce emerging threats.

Some good practical tips.

Beyond awareness and training, ensure the following basics are in place.

  • Use unique, secure passwords for every account

  • Use a password manager

  • Never leave devices unattended

  • Share files only through trusted, corporately managed environments, such as SharePoint or OneDrive

  • Report suspicious emails or contacts immediately using the “Report Junk” or “Report Phishing” options in Outlook

Some more advanced elements to consider.

Once the basics are established, consider additional protective measures.

  • Enable real-time scanning of email attachments and external URLs, with visible warnings when threats are detected

  • Configure a domain whitelist to reduce spam leads impersonating legitimate sources

  • Launch regular simulated attacks to test awareness and reinforce good behaviours
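To make the link-verification and domain whitelist points concrete, here is an added example (not part of the original article or of Secure365) that triages the links in an inbound enquiry before anyone clicks them. The tenant name `examplecorp`, the allowlist, the keyword list and the sample enquiries are all constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed policy for a hypothetical tenant "examplecorp"; replace with your own hosts.
ALLOWED_HOSTS = {"examplecorp.sharepoint.com", "examplecorp-my.sharepoint.com",
                 "login.microsoftonline.com"}
LOGIN_BAIT = ("login", "signin", "microsoft", "office365", "sharepoint", "onedrive")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def is_allowed(host):
    """Exact host or a subdomain of an allowlisted host; never a substring match."""
    return any(host == d or host.endswith("." + d) for d in ALLOWED_HOSTS)


def triage_lead(body):
    """Return (verdict, reasons): 'pass', 'review' (verify first) or 'hold' (do not open)."""
    verdict, reasons = "pass", []
    for raw in URL_RE.findall(body):
        url = raw.rstrip(".,;)")  # drop sentence punctuation glued to the link
        try:
            parts = urlsplit(url)
            host = (parts.hostname or "").rstrip(".")
        except ValueError:
            return "hold", [f"unparseable URL: {url}"]
        if is_allowed(host):
            continue
        tricks = []
        if "@" in parts.netloc:
            tricks.append("userinfo hides the real host")
        if any(label.startswith("xn--") for label in host.split(".")):
            tricks.append("punycode host")
        if any(word in url.lower() for word in LOGIN_BAIT):
            tricks.append("sign-in or Microsoft branding on an untrusted host")
        if tricks:
            verdict = "hold"
        elif verdict == "pass":
            verdict = "review"
        reasons.append(f"{host}: " + ("; ".join(tricks) or "off-allowlist link"))
    return verdict, reasons


# Constructed sample enquiries, as they might arrive through a website contact form.
SAMPLE_LEADS = {
    "internal_share": "Brief is at https://examplecorp.sharepoint.com/sites/sales/brief.docx",
    "vendor_pdf": "Our brochure: https://files.vendor-portal.example/brochure.pdf.",
    "userinfo_trick": "Sign the NDA: https://login.microsoftonline.com@secure-docs.example/nda",
    "lookalike": "RFQ here https://examplecorp.sharepoint.com.docs-review.example/view",
}
```

The last two samples show why the allowlist matches on the parsed host rather than on text in the URL: both contain a trusted name, yet both resolve to an untrusted host.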

Conclusion.

Fake sales leads and enquiries pose a growing risk, particularly as AI enables large-scale, highly personalised attacks. These threats are effective because they blend into legitimate sales activity and blur the line between opportunity and danger. Modern cybersecurity must therefore focus on people, process, and proactive protection.

As part of my work at Buchanan Technology, we help organisations address these risks through Secure365. Secure365 is a proactive cybersecurity service that strengthens Microsoft 365 environments using continuously updated policies, real-time protection, and user-focused controls. It reduces risk where work actually happens, allowing teams to pause, verify, and protect what matters most: client trust, data, and reputation.


This article was originally written and published by Jordan Gall, Head of Cybersecurity at B.TECH, as part of his ongoing insights on cybersecurity and business resilience. You can read the original post on his LinkedIn.

Jordan Gall

Jordan Gall is a Technology Specialist with over a decade of successful experience enhancing companies' use of technology. Jordan has a keen interest in all facets of technology, especially concerning cyber security, mitigating risk for organisations, and creating efficient processes to streamline the use of technology systems and services.

He personally enjoys a good tennis match but can also be found behind a drum kit trying to compose the latest hit rock song.
