Attackers Impersonate DoT in Two-Day Phishing Scam
Threat actors allegedly impersonated the US Department of Transportation in a two-day phishing campaign that leveraged the recent $1 trillion infrastructure bill. The attackers created new domains mimicking the real DoT site. The campaign combined several tactics, such as creating seemingly legitimate domains to evade security detections and luring victims with the prospect of bidding for projects benefiting from the recent bill. Researchers at INKY, an email security provider, detected 41 phishing emails that were part of the campaign between August 16 and 18.
The campaign targeted companies in the engineering, energy, and architecture industries, for whom projects resulting from the infrastructure bill would hold greater appeal. The initial phishing email claimed to be from the USDOT and invited the companies to submit a bid for a department project by clicking a malicious button. The emails were sent from a domain registered on August 16. The site was set up specifically for the phishing campaign and was designed to trick targets into thinking it was a legitimate USDOT site.
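The two signals described above, a message that claims to come from the USDOT but is sent from outside .gov, and a sender domain registered only days before delivery, can be checked together at the mail gateway. The following is an added example, not code from INKY or from the article; the keyword list, the 30-day threshold, the function names and every sample domain, date and subject are assumptions constructed for illustration.

```python
from datetime import date
from email.utils import parseaddr

# Assumed values for this sketch, not taken from the article.
MAX_DOMAIN_AGE_DAYS = 30
AGENCY_TERMS = ("department of transportation", "usdot", "transportation.gov")

def sender_domain(from_header):
    """Lowercased domain of the address in a From header."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower()

def is_gov(domain):
    """True only when the domain itself sits under the .gov TLD."""
    return domain.endswith(".gov")

def assess(msg, registered_on):
    """Return the reasons a message looks like agency impersonation.

    registered_on maps domain -> creation date, looked up beforehand
    (for example via RDAP/WHOIS); unknown domains are simply absent.
    """
    domain = sender_domain(msg["from"])
    text = f'{msg["from"]} {msg["subject"]}'.lower()
    reasons = []
    if any(t in text for t in AGENCY_TERMS) and not is_gov(domain):
        reasons.append("claims USDOT but sender domain is not under .gov")
    created = registered_on.get(domain)
    if created is not None:
        age = (msg["received"] - created).days
        if 0 <= age <= MAX_DOMAIN_AGE_DAYS:
            reasons.append(f"sender domain registered {age} day(s) before delivery")
    return reasons

# Constructed sample data: domains, dates and subjects are invented.
REGISTERED = {
    "transportation.gov.bids-portal.example": date(2021, 8, 16),
    "transportation.gov": date(2000, 1, 1),
}
SAMPLES = [
    {"from": "US Department of Transportation <bids@transportation.gov.bids-portal.example>",
     "subject": "Invitation to bid", "received": date(2021, 8, 16)},
    {"from": "USDOT Notices <notices@transportation.gov>",
     "subject": "Weekly digest", "received": date(2021, 8, 17)},
]

if __name__ == "__main__":
    for m in SAMPLES:
        print(sender_domain(m["from"]), assess(m, REGISTERED))
```

A message that trips both checks is a strong candidate for quarantine, while the domain-age check alone is noisy and better treated as a scoring input.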