This Microsoft 365 phishing campaign is using some crafty US government lures
US Government contractors are most at risk of attack
Hackers are reportedly running a series of phishing campaigns impersonating several departments of the United States government, including the Department of Labor and the Department of Transport.
The emails, targeted at government contractors, claim to request bids for government projects but lead victims to credential phishing pages instead.
According to a blog post on the campaign by cybersecurity company Cofense, these campaigns have been ongoing since at least mid-2019.
How did the campaign work?
The campaigns targeted companies across a variety of sectors, according to the blog, but focused most heavily on the energy and professional services sectors, including construction companies.
The attackers likely targeted companies that could credibly receive invitations to bid from the relevant government department.
Disturbingly, the researchers said that the campaign became increasingly advanced as time went on.
According to Credio, early emails had more simplistic email bodies, without logos and with relatively straightforward language. The more recent emails, however, made use of logos, signature blocks, consistent formatting, and more detailed instructions.
Recent emails also include links to access the PDFs rather than directly attaching them.
Older PDFs had little customization, and all listed the same “edward ambakederemo” as the author of the document.
But now, the newer PDFs are said to use metadata consistent with the authentic copies of the documents.
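As an added example (not code from Cofense or the original article), the sketch below shows how a defender could check PDF attachments for the reused author value described above. It only helps against the older lures, since the newer PDFs reportedly carry metadata matching the authentic documents; the function names and sample byte strings are assumptions made for illustration.

```python
import re

# Author value the article reports for the older lure PDFs (compared case-insensitively).
KNOWN_LURE_AUTHORS = {"edward ambakederemo"}

def _decode(raw: bytes) -> str:
    # PDF text strings are UTF-16BE when they start with a BOM, otherwise byte-per-char.
    if raw.startswith(b"\xfe\xff"):
        return raw[2:].decode("utf-16-be", errors="replace")
    return raw.decode("latin-1")

def pdf_authors(data: bytes) -> set:
    """Return Author values found in uncompressed parts of a PDF.

    Assumption: metadata in compressed object streams or encrypted files is
    not visible to this byte scan; a full PDF parser is needed for those.
    """
    found = set()
    # Literal form: /Author (name). Escapes are reduced to the escaped byte.
    for m in re.finditer(rb"/Author\s*\(((?:\\.|[^\\)])*)\)", data, re.S):
        found.add(_decode(re.sub(rb"\\(.)", rb"\1", m.group(1), flags=re.S)))
    # Hex form: /Author <FEFF0045...>; an odd final digit is padded with 0.
    for m in re.finditer(rb"/Author\s*<([0-9A-Fa-f\s]*)>", data):
        digits = re.sub(rb"\s", b"", m.group(1)).decode("ascii")
        found.add(_decode(bytes.fromhex(digits + "0" * (len(digits) % 2))))
    # XMP packet: <dc:creator><rdf:Seq><rdf:li>name</rdf:li>...
    for m in re.finditer(rb"<dc:creator>.*?<rdf:li[^>]*>(.*?)</rdf:li>", data, re.S):
        found.add(m.group(1).decode("utf-8", errors="replace"))
    return {a.strip() for a in found if a.strip()}

def matches_known_lure(data: bytes) -> bool:
    return any(a.casefold() in KNOWN_LURE_AUTHORS for a in pdf_authors(data))

# Constructed sample inputs (not real campaign files).
_HEX = (b"\xfe\xff" + "Edward Ambakederemo".encode("utf-16-be")).hex().encode()
SAMPLE_LITERAL = b"%PDF-1.5\n1 0 obj\n<< /Title (Invitation to Bid) /Author (edward ambakederemo) >>\nendobj\n"
SAMPLE_HEX = b"%PDF-1.5\n1 0 obj\n<< /Author <" + _HEX + b"> >>\nendobj\n"
SAMPLE_OTHER = b"%PDF-1.5\n1 0 obj\n<< /Author (Procurement Office) >>\nendobj\n"

if __name__ == "__main__":
    for name, blob in [("literal", SAMPLE_LITERAL), ("hex", SAMPLE_HEX), ("other", SAMPLE_OTHER)]:
        print(name, sorted(pdf_authors(blob)), matches_known_lure(blob))
```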
Cofense acknowledged that “given the advancements seen in each area of the phishing chain, it is likely the threat actors behind these campaigns will continue to innovate and improve upon their already believable campaigns”.
The firm advised readers that the main priority is to ensure employees do not click malicious links in the first place.
Cofense also advises readers to ensure employees realize this need for caution applies to attachments just as much as it does to links directly embedded in emails. Carefully examining both links and sender information can also help here.
Will McCurdy has been writing about technology for over five years. He has a wide range of specialities including cybersecurity, fintech, cryptocurrencies, blockchain, cloud computing, payments, artificial intelligence, retail technology, and venture capital investment. He has previously written for AltFi, FStech, Retail Systems, and National Technology News and is an experienced podcast and webinar host, as well as an avid long-form feature writer.