Phishing attacks targeting process engineers are no longer generic. Attackers research specific engineers, learn their projects, identify their vendors, and craft emails that reference real equipment, real projects, and real technical concerns. A message about a critical firmware update for a PLC model you actually use is credible enough to trigger action before verification occurs.
We have analyzed phishing campaigns specifically targeting industrial organizations in 2025 and 2026. The sophistication has increased markedly. Attackers now reference specific engineering software versions, equipment serial numbers, and facility-specific maintenance windows. Some campaigns impersonate actual vendors using compromised email accounts or domain typosquatting.
Common Phishing Techniques Targeting Engineers
Attackers use legitimate-looking alerts about firmware vulnerabilities, equipment recalls, or maintenance scheduling to prompt immediate action. They may reference a colleague by name or cite a facility-wide project to build credibility. The goal is usually credential theft from an engineering workstation or installation of reconnaissance malware that will bridge IT and OT networks.
One effective tactic involves sending emails that appear to come from vendors but contain slightly suspicious links. Engineers who notice the suspicious element often click the link anyway to verify its legitimacy, landing on a lookalike site designed to harvest credentials.
Training and Detection Measures
- Spear-phishing simulations: Conduct realistic phishing simulations targeting engineering staff with industry-specific content, not generic examples.
- Credential handling: Train engineers never to re-enter credentials after clicking an email link. Legitimate vendors do not redirect to authentication.
- Email authentication: Implement DMARC, SPF, and DKIM to prevent domain spoofing. Train staff to verify sender domains character by character.
- Vendor verification channels: Establish out-of-band verification processes for urgent maintenance alerts. If an email claims urgency, verify through a known vendor phone number.
Organizational Culture
Successful phishing defense requires that engineers feel empowered to question unexpected requests without fear of appearing foolish. If you'd like to discuss phishing awareness training or email authentication hardening for your facility, reach out.
This article was written by the Cascadia OT Security practice, which advises Pacific Northwest data centers and manufacturers on industrial cybersecurity. For engagement inquiries, reach our practice team.