Security News > 2022 > January > Phishers go after business email credentials by impersonating U.S. DOL

Phishers are trying to harvest credentials for Office 365 or other business email accounts by impersonating the U.S. Department of Labor, Inky's researchers have warned.

Tricks used by the phishers to grab business email credentials.

The email, PDF and the phishing page are very believable.

Some of the emails were able to pass standard email authentication because the attackers sent them from newly created domains imitating the DOL. "Since they are brand new, the domains represent zero-day vulnerabilities; they have never been seen before and typically do not appear in threat intelligence feeds commonly referenced by legacy anti-phishing tools," the researchers explained.

Another clever trick was making the phishing page display a fake "Incorrect Credentials" error when visitors entered their credentials and redirecting them to the real DOL site if they repeated the process.

"Potential victims should be aware that it makes no sense to be asked to log in with email credentials to view a document on a completely different network," they added.

News URL

https://www.helpnetsecurity.com/2022/01/19/phishers-business-email/