Cloned Dept. of Labor Site Hawks Fake Government Contracts
A convincing yet illegitimate government procurement portal is advertising the opportunity to submit a bid for government projects. However, the site harvests credentials from unassuming victims instead. The phishing campaign is targeting aspiring government vendors with an invitation to bid on fake federal projects within the US Department of Labor. Emails created to look like legitimate Department of Labor communications contain malicious links that redirect targets to a fake portal that is loaded with credential stealers. Threat researchers at INKY detailed the campaign, which consisted of several phishing attempts.
The spoofed email address look as if it came from a real Department of Labor site, however, it is not the real domain and contains a .com ending rather than the correct .gov domain. The phishing lure claims that the Department of Labor is soliciting bids for ongoing government projects and included a PDF file with the department’s branding. INKY stated that the campaign was well-crafted and convincing. Once the target clicks the malicious link, the victim is taken to various domains impersonating the Department of Labor.