Security News > 2022 > January > Phishing attack spoofs US Department of Labor to steal account credentials
A phishing campaign seen by email security provider Inky tries to trick its victims by inviting them to submit bids for alleged government projects.
A phishing email that appears to come from an official government entity is especially deceptive as it carries an air of authority.
A malicious campaign detected by Inky in the latter half of 2021 spoofed the U.S. Department of Labor as a way to harvest the account credentials of unsuspecting victims.
Claiming to come from a senior Department of Labor employee handling procurement, the emails invited the recipients to bid on "Ongoing government projects." A PDF attached to the email looked like an official DoL document with all the right visuals and branding.
Fourth, the attackers presented what seemed to be a real government website but then redirected victims to a phishing form where their credentials could be captured.
In an instance like this, you would not be asked to log in with your email or account credentials on a totally different network.
News URL
Related news
- Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials (source)
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)
- Healthcare attacks spread beyond US – just ask India's Star Health (source)
- GitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing Attacks (source)
- China again claims Volt Typhoon cyber-attack crew was invented by the US to discredit it (source)
- Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (source)
- Phishing scams and malicious domains take center stage as the US election approaches (source)
- Midnight Blizzard Escalates Spear-Phishing Attacks On Over 100 Organizations (source)
- Windows infected with backdoored Linux VMs in new phishing attacks (source)
- China's Volt Typhoon reportedly breached Singtel in 'test-run' for US telecom attacks (source)