Anomali Identifies Scam To Steal Gov’t Procurement Site Credentials

Procurement BEC scam

An unidentified group is reportedly putting considerable effort into an elaborate scam to steal the login credentials of government personnel. The targets are procurement websites on which governments post notices for purchasing all sorts of products, such as trucks and desks, IT World Canada reported, citing a report from the Anomali Threat Research Team.

The scam begins when a company gets a bogus email invitation to bid on a government contract. Companies that are able to view such offers have typically already registered with the government and created a user name and password to log in.

The email contains a link to what should be a procurement website, but the victim instead sees a convincing facsimile. The victim is then offered a choice of logging in with email credentials from providers such as Google, Microsoft and Yahoo. Anomali, a security firm, says it has found bogus websites imitating those of the U.S., Mexico, Canada, Sweden, Australia and South Africa.

Two international courier websites were also reportedly spoofed. According to the report, the scheme is difficult for companies to recognize because the fake sites’ internet addresses are convincing. And even though none of the bogus websites are currently active, the news report notes, “that doesn’t mean they won’t be shortly.”

Anomali wrote in a document on its website, “At present, it is not clear who the threat actors are, but it does appear to be a persistent attack. Spoofed phishing site domains are hosted in Turkey and Romania. The campaign is currently dormant.” 

In separate news, researchers at Agari warned of Silent Starling, the newest cybercriminal ring using a vendor email compromise (VEC) scam to steal company cash from supply chains, according to news in October. The hackers infiltrate employee email accounts within a B2B supplier’s finance departments, including procurement and accounts receivable.

The hackers spy on the email correspondence and then use that information to send emails at strategic times asking for an invoice payment, a sophisticated iteration of the business email compromise (BEC) scam that is “particularly hard to spot,” Agari noted.