"Email Scammers Posed As DOT Officials in Phishing Messages Focused on $1 Trillion Bill"
Threat actors posed as U.S. Department of Transportation (DOT) officials in a phishing campaign shortly after Congress took action on a $1 trillion infrastructure package. As fake DOT officials, the attackers invited targets to bid for some of the $1 trillion, with the aim of harvesting Microsoft Office 365 credentials. The email security company INKY detected 41 phishing emails between August 16 and 18 after the Senate passed the infrastructure bill out of its chamber. The attackers sent their phishing emails from "transportationgov[.]net," a domain intended to impersonate an authentic government website. The phishing site included a big blue button that said, "CLICK HERE TO BID," which led those who clicked to another site with ".gov"-sounding subdomains soliciting email sign-ins and then to a site appearing to be the legitimate DOT website. From there, a credential harvesting form with a Microsoft logo is displayed. The phishers even copied and pasted an actual warning about verifying the legitimacy of U.S. government websites. This article continues to discuss the impersonation of U.S. DOT officials in a phishing campaign aimed at harvesting Microsoft Office 364 credentials from contractors.