Global Government Campaign Identifies 120 Phishing Sites
120 phishing websites have been singled out by a multi-government initiative targeting government procurement services, according to a report from security company Anomali.
Anomali is reporting that cloned and spoofed copies of government departments, email services and two postal services were exposed by the campaign, on top of the usual social engineering techniques used by scammers to fool unwitting users into handing over their personal data, and even financial details.
Data released earlier this year from Microsoft shows that there has been an apparent 250% increase in phishing attacks in 2019 compared to 2018 statistics.
Attachments to the emails sent out would direct a user to a spoofed website that looks like a carbon copy of a government service. According to Info Security Magazine, “the US was the most targeted government, with over 50 phishing sites set up to harvest credentials from visitors. However, Canada, Japan, Poland, China, Sweden, Mexico, Australia and Peru were all affected, among other countries.”
“In total, 62 domains and 122 phishing sites were detected by Anomali. Although none of these sites were active at the time of writing, Anomali warned that the group behind them could restart operations in the future.”
“This credential harvesting campaign has been primarily targeting government bidding and procurement services. The focus on these services suggests the threat actor(s) are interested in potential contractor(s) and/or supplier(s) for those governments targeted. The purpose of this insight could be a financial incentive to out-compete a rival bidder, or more long-term insight regarding the trust relationship between the potential supplier and the government in question,” explained the Anomali Threat Research Team.
“Campaigns like these are difficult to protect against because unless the domains hosting the phishing pages are known as malicious, an organization’s firewall will not know to block it. Legitimate sites were also hosting the phishing pages, and were likely compromised as part of the campaign.”