
“We’d Love to Collaborate” — How a Fake H&M Deal Almost Looked Too Real

May 05, 2026

Article by Margarita.


Most people know me as a marketer at LetzSecure.

What fewer people know: I also run an Instagram page. It’s my creative side. A little separate from the cybersecurity world.

But apparently, that was enough to get noticed. By H&M.

Or at least someone pretending to be them.

I work in cybersecurity. Spotting things that feel off is part of the job. But I’ll be honest: this one was good.

Here’s exactly how it happened.


✉️ Step 1: The Email That Looked Completely Legit


It started like any other collaboration request.

Except this one was different. No broken English. No suspicious links. No “dear influencer”. Just a clean, professional email from someone named Megan, introduced as a PR Manager at H&M, saying they’d noticed my profile and wanted to work together.

I did what anyone would do.

I Googled her.


She exists. Real LinkedIn profile. Real job title. So I kept reading.



📄 Step 2: They Did Everything Right

And I mean everything.


• A detailed collaboration proposal

• A registration form on SurveyMonkey (a platform you’ve probably used yourself)

• A PDF contract with terms and conditions

• And when I submitted my rate? They accepted it. No negotiation.

That last part felt good.

Maybe a little too good.

But I kept going because I wanted to see exactly how far this would go.



🔍 Step 3: One Detail. That’s All It Took.

While reviewing the email one more time, I noticed something small.

The sender’s address.

[[email protected]]

Not @hm.com.

Not any corporate domain.

Just… Gmail.

A company worth billions.

Reaching out from a free email account.

There it was.



So What Was Actually Going On?


This wasn’t your typical scam, the kind you spot in two seconds and delete.

This was a multi-step social engineering attack.

Carefully built. Deliberately paced. Designed to feel normal.


Here’s the structure:

1. Real identity: a LinkedIn profile that actually exists

2. Professional tone: no red flags in the language

3. Trusted tools: SurveyMonkey, PDF contracts, familiar platforms

4. Positive reinforcement: they agree to your terms, making you feel chosen

Each step is designed to lower your guard.

By the time you reach the end, you’re not questioning it anymore.

You’re just excited.

And that’s exactly the point.


⚠️ Why It Works So Well

Because it doesn’t feel like a scam.

It feels like an opportunity.

It uses real names, real platforms, real processes.

The only thing that isn’t real is the intent.


🛡️ This Isn’t Just an Influencer Problem

The same logic shows up in corporate inboxes every day.

Fake invoices from “trusted vendors”.

Urgent requests that look like they came from the CEO.

Onboarding forms that harvest data quietly.

The format changes. The psychology doesn’t.

This is exactly what we focus on at LetzSecure. Not the obvious attacks, but the realistic ones. The ones that actually fool people. Because understanding how these situations work is the first step to not falling for them.


💡 What To Check Before You Trust Anything

• The email domain!!! Not the display name, the actual address

• Inconsistencies in the process: what feels off, even slightly?

• Anything that feels too easy: no negotiation, no pushback, no friction

• Requests involving personal or financial data, even “just to complete the form”

One detail is often enough.

You just have to be looking for it.
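
The first check on that list can be automated. Below is an added example, not code from LetzSecure: it reads the actual address out of a From header, ignores the display name for trust purposes, and flags a sender who claims a brand from a domain that brand does not own. The free-mail list, the brand keyword, the `check_sender` helper and the sample headers are assumptions constructed for illustration; only `hm.com` comes from the story above.

```python
from email.utils import parseaddr

# Assumption: free webmail domains worth flagging; extend as needed.
FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}
# Assumption: brand keyword -> domains that brand legitimately sends from.
BRAND_DOMAINS = {"h&m": {"hm.com"}}

# Constructed sample From headers (not taken from the real email).
SAMPLES = [
    '"Megan - H&M PR" <megan.placeholder@gmail.com>',
    '"H&M Press" <press@hm.com>',
    '"H&M Collabs" <team@hm.com.partners.example>',  # lookalike prefix
]


def domain_matches(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def check_sender(from_header, body_text=""):
    """Return findings for one From header (hypothetical helper)."""
    display, address = parseaddr(from_header)
    if "@" not in address:
        return ["no parseable address in From header"]
    # Trust decisions use the address domain, never the display name.
    domain = address.rsplit("@", 1)[1].lower()
    findings = []
    if domain in FREE_MAIL:
        findings.append(f"free webmail domain: {domain}")
    # The display name and body only tell us who the sender CLAIMS to be.
    claimed = (display + " " + body_text).lower()
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in claimed and not domain_matches(domain, allowed):
            findings.append(f"claims {brand!r} but sent from {domain}")
    return findings


if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "no findings")
```

A clean result here is necessary, not sufficient: the From header itself can be forged, so a matching domain still needs to be backed by the SPF, DKIM and DMARC results your mail provider records in the Authentication-Results header.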


✨ Final Thought

This wasn’t a badly written email from some Prince.

This was carefully built. Step by step. Designed to feel completely normal.

And for most people it would have worked.

If you’re not used to looking for these things, you might not even know what felt wrong until it was too late.

That’s exactly why we talk about it openly at LetzSecure.

Because awareness is the first line of defence.

And sometimes, all it takes is knowing what to look for.