Phishers Impersonate US DOT to Target Contractors after Senate Passed $1 Trillion Infrastructure Bill

A new phishing campaign has been uncovered targeting companies that may work with the US Department of Transportation. 

The campaign, discovered by security company INKY, found that phishers are impersonating the US Department of Transportation (DOT) in an effort to harvest Microsoft Office 365 credentials, INKY's Roger Kay wrote in a blog post

Kay noted that the phishing emails peaked around August 16-18, right after the US Senate passed the $1 trillion infrastructure bill on August 10.

Dozens of phishing emails sought to impersonate the DOT, with attackers contacting multiple companies in the engineering, energy architecture industries asking them to submit bids for federal contracts.  

"The basic pitch was, with a trillion dollars of government money flowing through the system, you, dear target, are being invited to bid for some of this bounty," Kay said.

"By creating a new domain, exploiting current events, impersonating a known brand, and launching a credential harvesting operation, the phishers came up with an attack just different enough from known strikes to evade standard detection methods."

Kay explained that attackers sent their phishing emails from "transportationgov[.]net," a newly created domain intended to impersonate the usual government emails that come from .gov addresses.

Amazon was the new domain's registrar, Kay added, and the site was registered on August 16. 

"In the initial pitch, recipients were told that USDOT was inviting them to submit a bid for a department project by clicking a big blue button that said, 'CLICK HERE TO BID.' Recipients who clicked on the button were led to a site --[.]com -- with reassuring-sounding subdomains like 'transportation,' 'gov,' and 'secure.' But the base domain -- akjackpot[.]com -- was registered in 2019 and hosts what may or may not be an online casino that appears to cater to Malaysians. Either the site was hijacked, or the site owners are themselves the phishers who used it to impersonate the USDOT," Kay wrote.

Read Full Article: