Security News > 2022 > January > Phishing attack spoofs US Department of Labor to steal account credentials
A phishing campaign seen by email security provider Inky tries to trick its victims by inviting them to submit bids for alleged government projects.
A phishing email that appears to come from an official government entity is especially deceptive as it carries an air of authority.
A malicious campaign detected by Inky in the latter half of 2021 spoofed the U.S. Department of Labor as a way to harvest the account credentials of unsuspecting victims.
Claiming to come from a senior Department of Labor employee handling procurement, the emails invited the recipients to bid on "Ongoing government projects." A PDF attached to the email looked like an official DoL document with all the right visuals and branding.
Fourth, the attackers presented what seemed to be a real government website but then redirected victims to a phishing form where their credentials could be captured.
In an instance like this, you would not be asked to log in with your email or account credentials on a totally different network.
News URL
Related news
- Iranian charged over attacks against US defense contractors, government agencies (source)
- Hackers target FCC, crypto firms in advanced Okta phishing attacks (source)
- Hackers steal Windows NTLM authentication hashes in phishing attacks (source)
- PetSmart warns of credential stuffing attacks trying to hack accounts (source)
- Flipper Zero WiFi phishing attack can unlock and steal Tesla cars (source)
- MiTM phishing attack can let attackers unlock and steal a Tesla (source)
- New Phishing Attack Uses Clever Microsoft Office Trick to Deploy NetSupport RAT (source)
- Hackers Exploiting Popular Document Publishing Sites for Phishing Attacks (source)
- New StrelaStealer Phishing Attacks Hit Over 100 Organizations in E.U. and U.S. (source)
- Over 100 US and EU orgs targeted in StrelaStealer malware attacks (source)