Security News > 2021 > September > Attackers Impersonate DoT in Two-Day Phishing Scam

Threat actors impersonated the U.S. Department of Transportation in a two-day phishing campaign that used a combination of tactics - including creating new domains that mimic federal sites so as to appear to be legitimate - to evade security detections.

The date of its creation - revealed by WHOIS - seems to signal that the site was set up specifically for the phishing campaign.

"Either the site was hijacked, or the site owners are themselves the phishers who used it to impersonate the USDOT," Kay noted.

Once victims closed the instructions, they were directed to an identical copy of the real USDOT website that the attackers created by copying HTML and CSS from the government's site onto their phishing site.

In a twist, threat actors also copied and pasted in a real warning about how to verify actual U.S. government sites, which could alert savvy victims that they were being scammed by realizing that the phishing site domain ended in.com rather than.

Though attackers didn't use any particular new phishing tricks in their campaign, it was the combination of tactics in a new pattern that allowed them to get the emails through secure email gateways, Kay said.

News URL

https://threatpost.com/attackers-impersonate-dot-phishing-scam/169484/