Quote:Threat actors impersonated the U.S. Department of Transportation (USDOT) in a two-day phishing campaign that used a combination of tactics – including creating new domains that mimic federal sites so as to appear to be legitimate – to evade security detections.
Between Aug. 16-18, researchers at e-mail security provider INKY detected 41 phishing emails dangling the lure of bidding for projects benefitting from a $1 trillion infrastructure package recently passed by Congress, according to a report written by INKY’s Roger Kay, vice president of security strategy, that was published on Wednesday.
The campaign – which targeted companies in industries such as engineering, energy and architecture that likely would work with the USDOT – sends potential victims an initial email in which they’re told that the USDOT is inviting them to submit a bid for a department project by clicking a big blue button with the words “Click Here to Bid.”
The emails themselves are launched from a domain, transportationgov[.]net, that was registered by Amazon on Aug. 16, Kay said. The date of its creation – revealed by WHOIS – seems to signal that the site was set up specifically for the phishing campaign.
To anyone familiar with government sites, the domain would appear suspicious given that government sites typically have a .gov suffix. However, “to someone reading through quickly, the domain name might seem at least somewhere in the ballpark of reality,” Kay observed.
Read more: Attackers Impersonate DoT in Two-Day Phishing Scam | Threatpost
![[-]](https://www.geeks.fyi/images/collapse.png)
