Researchers from Anomali's research arm have identified a malicious server linked to two phishing campaigns that try to deceive government contractors to send sensitive information to threat actors.
Anomali Labs said Monday its researchers detected on Feb. 23 the online bidding-themed phishing schemes, which lead contractors to fake landing pages mimicking the Department of Labor and the Department of Transportation's eProcurement portal.
Those fraudulent sites work by coaxing contractors into submitting personally identifiable information to the phisher.
The company has advised contractors to be cautious of unsolicited communications from a federal agency and the padlock feature of a particular website as well as contact the agency's contract representative to validate the legitimacy of a website prior to document submission.
Anomali Labs concluded that the “use of spoofed email address of legitimate government employees is a likely sign that threat actors social engineer contractors with email-based attacks.“