Security News > 2022 > January > Office 365 phishing attack impersonates the US Department of Labor
A new phishing campaign impersonating the United States Department of Labor asks recipients to submit bids to steal Office 365 credentials.
The phishing campaign has been ongoing for at least a couple of months and utilizes over ten different phishing sites impersonating the government agency.
In a new report by email security firm INKY, who shared the report with Bleeping Computer before publication, researchers illustrated how the phishing attack is used to steal credentials.
Those who bid for a project will be taken to a credential harvesting form that targets their Microsoft Office 365 email address and password.
We saw something similar in December 2021, with phishing actors impersonating Pfizer and using well-crafted PDF attachments to invite recipients to submit bids to the pharmaceutical company.
In this case, the most obvious sign of the scam would be the Department of Labor requiring anyone to log in with Office 365 credentials to view a document, something that isn't the case on any U.S. government website.
News URL
Related news
- Iran Cyber Attack: Fox Kitten Facilitates Ransomware in US (source)
- Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks (source)
- Australian Organisations Targeted by Phishing Attacks Disguised as Atlassian (source)
- Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials (source)
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)
- Healthcare attacks spread beyond US – just ask India's Star Health (source)
- GitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing Attacks (source)
- China again claims Volt Typhoon cyber-attack crew was invented by the US to discredit it (source)
- Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (source)
- Phishing scams and malicious domains take center stage as the US election approaches (source)