IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Phishing attacks targeting US government have evolved in sophistication, Cofense reports

The scams are aimed at stealing federal employees' Microsoft 365 credentials

Phishing attacks targeting the US Departments of Labor, Commerce, or Transportation have evolved to become more convincing and evasive, Cofense Intelligence revealed.

The credential phishing campaigns, active since mid-2019, have been seen in environments protected by secure email gateways (SEGs), the company added. 

Related Resource

Cyber resiliency and end-user performance

Reduce risk and deliver greater business success with cyber-resilience capabilities

Whitepaper cover with title and text, and image of pyramid cyber-resilience modelFree Download

The emails have developed over time to incorporate legitimate-looking logos, signature blocks, and consistent formatting, including more detailed instructions in PDF documents. Typically, the emails included bid requests for lucrative government projects that lured recipients to phishing pages that mimicked legitimate federal agency websites.

Cybersecurity firm INKY detailed one such incident in January 2022, when threat actors used PDF attachments with instructions for bidding on the US Department of Labor projects.

Adding to the trickery, threat actors have also incorporated longer domain names, such as “transportation[.]gov[.]bidprocure[.]secure[.]akjackpot[.]com” in an attempt to make the website address look legitimate when accessed from mobile browsers that cannot display full-length URLs.

Additionally, on the phishing page that entices visitors into entering their Microsoft Office 365 account credentials, the threat actors have now added a Captcha Challenge step to prevent bots from participating.

“The only place where the threat actors fall slightly behind is their spoofed pages can be out of date, which will likely go unnoticed by most victims,” stated Cofense in its report.

“Given the advancements seen in each area of the phishing chain, it is likely the threat actors behind these campaigns will continue to innovate and improve upon their already believable campaigns,” added Cofense.

Featured Resources

Three ways manual coding is killing your business productivity

...and how you can fix it

Free Download

Goodbye broadcasts, hello conversations

Drive conversations across the funnel with the WhatsApp Business Platform

Free Download

Winning with multi-cloud

How to drive a competitive advantage and overcome data integration challenges

Free Download

Talking to a business should feel like messaging a friend

Managing customer conversations at scale with the WhatsApp Business Platform

Free Download

Recommended

Education and government most at risk from email threats
phishing

Education and government most at risk from email threats

26 Nov 2021
Attackers use CSS to fool anti-phishing systems
phishing

Attackers use CSS to fool anti-phishing systems

11 Nov 2021

Most Popular

What your hybrid workforce needs from their laptops
Advertisement Feature

What your hybrid workforce needs from their laptops

21 Sep 2022
How to secure your hybrid workforce
Advertisement Feature

How to secure your hybrid workforce

23 Sep 2022
BT's new platform promises to slash AI development time from months to days
artificial intelligence (AI)

BT's new platform promises to slash AI development time from months to days

3 Oct 2022