So there's someone back and forth in an email chain with someone from Big Ambulance Inc negotiating price and agreeing to proceed with sale, and then what?
When I was in IT our company would get emails from slight mis-spellings of our domain name claiming to be our CEO, CFO. Our vendors would also routinely get hacked and the hackers would send emails from the vendor's legit email clients/network requesting we change how we paid them.
This sounds like what happens with Hotels.com where the hotel you just booked with said there was an issue with the payment that was submitted, and you must pay with this alternate payment method instead -- it turns out the hotel's account had been compromised and the thief/scumbag/scammer does this to all the hotel's bookings. The one we got a message from, apparently the respective hotel keeps having this happen over and over. My guess is the outdated computer they use has a keylogger or trojan on it and their accounts will just be forever compromised. Fun times.
I did some contract work for a major hotel chain a few years ago (Windows 2012 server upgrades) and was horrified by their utter lack of security everywhere. Everything was out of date, no patching, super simple admin passwords everywhere. It was crazy. They did have corporate level IT, but from what I remember, it wasn't for any infra, just their hotel related software.
Don't connect to hotel wifi, or if you do, don't do anything important on it.
~10 years ago, the big hotel brands (IHG/Hilton/Marriott/Hyatt) required their franchisees to install professional networking equipment from vendors like Cisco Meraki or Aruba, to be managed externally by one of the brand's approved network managers (e.g. WorldVue).
Reminds me of some years ago at a company retreat at one of those brands, where we wanted to check the OpSec of the hotel we were staying at, so I went up to the hotel lobby desk, said I was $NAME_OF_CEO and I had lost my hotel room key and my wallet is in the room, and they straight up gave a new card to me, without any sort of verification at all.
I had the same experience as the other person that replied to you. At the front desk - "Hi, I'm here to do some IT work, is manager around?" "Oh the server room is around the corner, it's unlocked." Didn't need the root ESXi password because the IP and password were stuck to the server with a sticky note.
In my friend’s case, they monitored a compromised email account for months.
They then set up filters to hide a certain large incoming invoice via filters, and replaced it with the same thing but with a different routing number for the transaction.
A month later that vendor starts sending dunning notices, to everyone’s confusion. $90k gone.
And then somebody sends you an invoice, they aren’t who you think they are, and you wire their bank account to pay the invoice. They remove the money from their account, hide its origins through various laundering methods, and move on.