Phishing attack spoofs US Department of Labor to steal account credentials
A phishing campaign seen by email security provider Inky tries to trick its victims by inviting them to submit bids for alleged government projects.
A phishing email that appears to come from an official government entity is especially deceptive as it carries an air of authority.
A malicious campaign detected by Inky in the latter half of 2021 spoofed the U.S. Department of Labor as a way to harvest the account credentials of unsuspecting victims.
Claiming to come from a senior Department of Labor employee handling procurement, the emails invited the recipients to bid on "Ongoing government projects." A PDF attached to the email looked like an official DoL document with all the right visuals and branding.
Fourth, the attackers presented what seemed to be a real government website but then redirected victims to a phishing form where their credentials could be captured.
In an instance like this, you would not be asked to log in with your email or account credentials on a totally different network.