Security News > 2022 > January > Phishing attack spoofs US Department of Labor to steal account credentials

A phishing campaign seen by email security provider Inky tries to trick its victims by inviting them to submit bids for alleged government projects.
A phishing email that appears to come from an official government entity is especially deceptive as it carries an air of authority.
A malicious campaign detected by Inky in the latter half of 2021 spoofed the U.S. Department of Labor as a way to harvest the account credentials of unsuspecting victims.
Claiming to come from a senior Department of Labor employee handling procurement, the emails invited the recipients to bid on "Ongoing government projects." A PDF attached to the email looked like an official DoL document with all the right visuals and branding.
Fourth, the attackers presented what seemed to be a real government website but then redirected victims to a phishing form where their credentials could be captured.
In an instance like this, you would not be asked to log in with your email or account credentials on a totally different network.