Hackers are impersonating Bloomberg employees in an attempt to install remote access software on target computers.

The ruse seeks to capitalize on the influence of Bloomberg Industry Group whose analysis major corporations use to track markets. The perpetrator is sending fake Bloomberg invoices that are laced with a RAT that could be used to surveil computer networks or steal data.

The goal of the malicious email campaigns, and exactly who was targeted, remain unclear. But the perpetrator has clearly gone beyond the bumbling phishing emails in broken English that typically give other scammers away.

It’s a clever piece of social engineering from a cyber actor that has apparently only been active for a year, but which has looked for economical ways into victim networks. One of the tools used, called NanoCore, is available for purchase on underground forums for just $20.

The emails ask users in fluent English to enable Microsoft Excel features which allow for the execution of malicious code. One email, for instance, lists a New York City phone number that recipients can call for “customer service.” When dialed the number, an automated voice read a different phone number and said that the voicemail inbox was full.

Bloomberg Industry Group did not respond to a request for comment by press time on the research