Phishers impersonate US DOT to target contractors after Senate passed $1 trillion infrastructure bill
A new phishing campaign has been uncovered targeting companies that may work with the US Department of Transportation.
The campaign, discovered by security company INKY, found that phishers are impersonating the US Department of Transportation (DOT) in an effort to harvest Microsoft Office 365 credentials, INKY's Roger Kay wrote in a blog post.
Kay noted that the phishing emails peaked around August 16-18, right after the US Senate passed the $1 trillion infrastructure bill on August 10. Dozens of phishing emails sought to impersonate the DOT, with attackers contacting multiple companies in the engineering, energy architecture industries asking them to submit bids for federal contracts. "The basic pitch was, with a trillion dollars of government money flowing through the system, you, dear target, are being invited to bid for some of this bounty," Kay said.