Cloned Dept. of Labor Site Hawks Fake Government Contracts

A new phishing campaign is targeting aspiring government vendors with an invitation to bid on various fake federal projects with the U.S. Department of Labor. Emails branded to look like legitimate communications from the DoL contain malicious links that, rather than leading to a government procurement portal, harvest the credentials of anyone who attempts to log in, according to a new report from threat researchers at INKY.

“In this campaign, the majority of phishing attempts had sender email addresses spoofed to look as if they came from no-reply@dol[.]gov, which is the real DoL site,” the INKY team wrote in a report published Wednesday. “A small subset were spoofed to look as if they came from no-reply@dol[.]com, which is, of course, not the real DoL domain.”

The remainder were sent by phishers from the lookalike domains dol-gov[.]com, dol-gov[.]us and bids-dolgov[.]us.

The phishing lure emails claim that the DoL is soliciting bids for “ongoing government projects,” and include an attached PDF file carrying government branding. The threat researchers said the efforts were “well-crafted.”

“Click on the button below to access our website to bid,” the phishing email instructs. Once clicked, the link takes victims to various domains impersonating the DoL.

Copy & Paste Spoof of DoL Site

The malicious site was a copy-and-paste of the website styling code (both HTML and CSS) from the actual Department of Labor site, with the addition of a bright red link directing victims to a credential…
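The sender patterns INKY describes fall into two classes that need different checks: exact spoofs of the real dol.gov, which only email authentication (SPF/DKIM/DMARC) can catch, and lookalike domains (dol.com, dol-gov.com, dol-gov.us, bids-dolgov.us) that a mail filter can flag on the header alone. The triage function below is an added example, not code from the article or from INKY; the sample headers are constructed from the domains named in the report.

```python
import re
from email.utils import parseaddr

LEGIT_DOMAIN = "dol.gov"   # the real Department of Labor domain named in the report
BRAND = "dol"              # brand token the lookalikes are built around

def sender_domain(from_header: str) -> str:
    """Lowercase domain of the address in a From: header, or '' if there is none."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower()

def classify_sender(from_header: str) -> str:
    """Classify a From: header as exact-match, lookalike, unrelated or unparseable."""
    domain = sender_domain(from_header)
    if not domain:
        return "unparseable"
    if domain == LEGIT_DOMAIN or domain.endswith("." + LEGIT_DOMAIN):
        # The header merely claims dol.gov; a spoof looks identical here, so the
        # decision has to come from the DMARC/SPF/DKIM result, not this check.
        return "exact-match: verify DMARC"
    # Registrable label without the TLD, e.g. "bids-dolgov" from "bids-dolgov.us",
    # with separators collapsed so "dol-gov" and "dolgov" compare equal.
    registrable = domain.split(".")[-2] if "." in domain else domain
    collapsed = re.sub(r"[^a-z0-9]", "", registrable)
    if collapsed == BRAND or (BRAND + "gov") in collapsed:
        return "lookalike"
    return "unrelated"

def triage(headers):
    """Map each constructed From: header to its classification."""
    return {h: classify_sender(h) for h in headers}

# Constructed sample headers modelled on the sender domains INKY listed.
SAMPLE_HEADERS = [
    "DoL Procurement <no-reply@dol.gov>",
    "no-reply@dol.com",
    "bids@dol-gov.com",
    "bids@dol-gov.us",
    "procurement@bids-dolgov.us",
    "newsletter@example.com",
]

if __name__ == "__main__":
    for header, verdict in triage(SAMPLE_HEADERS).items():
        print(f"{verdict:28} {header}")
```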
