"Phishing Attacks Targeting US Government Have Evolved in Sophistication, Confense Reports"
Phishing attacks on the US Departments of Labor, Commerce, and Transportation have become more convincing and evasive, according to Confense Intelligence. The credential phishing campaigns, which have been active since mid-2019, have been observed in environments protected by Secure Email Gateways (SEGs). Over time, the emails have evolved to include legitimate-looking logos, signature blocks, and consistent formatting, as well as more detailed instructions in PDF documents. Typically, the emails contained bid requests for lucrative government projects that directed recipients to phishing pages that looked precisely like legitimate federal agency websites. In January 2022, threat actors used PDF attachments with instructions to bid on US Department of Labor projects, according to cybersecurity firm INKY. To further complicate matters, threat actors have used longer domain names in an attempt to make the website address appear legitimate when accessed through mobile browsers that cannot display full-length URLs. Additionally, the threat actors have added a Captcha Challenge step to the phishing page that entices visitors to enter their Microsoft Office 365 account credentials in order to prevent bots from participating. This article continues to discuss the growing sophistication of phishing attacks targeting US government agencies.