This super ambitious phishing campaign impersonated the US Department of Labor

News
By
published

Phishing email recipients were instructed to bid on ongoing government projects

Hook on Keyboard
(Image credit: wk1003mike / Shutterstock)

A new phishing campaign has been making the rounds online that convincingly impersonates the US Department of Labor (DoL).

Discovered by the email security company Inky, the majority of phishing attempts used in the campaign spoof sender email addresses to make them appear as if they came from no-reply@dol[.]gov. 

While this is the DoL's real email address, a small subset of email addresses were spoofed to look as if they came from no-reply@dol[.]com instead though the attackers also used other newly created look-alike domains such as dol-gov[.]com, dol-gov[.]us and bids-dolgov[.]us.

Each of the phishing emails sent as part of the campaign invite recipients to submit bids for “ongoing government projects” and claimed to be from a senior DoL employee responsible for procurement. These emails also contained a three-page PDF attachment with well-crafted DoL branding elements to make them appear more legitimate.

Submitting a bid

Recipients interested in participating in the government projects advertised in this phishing campaign were instructed to click on the “BID” button on page two of the attached PDF to access the DoL's procurement portal. However, doing so took them to a malicious domain that impersonated the DoL.

Upon reaching the malicious domain, recipients are greeted with a set of fake instructions on how the DoL's bidding process works. The attackers behind this campaign are quite clever though as closing the instructions takes a user to an identical copy of the real DoL website as the HTML and CSS from the real site was copied and pasted into the phishing site.

Those who clicked on the red “Click here to bid” button were then presented with a credential harvesting form with instructions to sign in and bid using Microsoft Outlook or another business email service. When one of Inky's engineers tried to enter fake credentials, the site displayed a fake incorrect credentials error when in reality, these fake credentials had already been harvest by the attackers. The second time though, the engineer was redirected to the real DoL site to add authenticity to the campaign.

To avoid falling victim to this campaign and others like it, Inky points out that official US government domains typically end in .gov or .mil as opposed to .com or another top-level domain.

We've also featured the best endpoint protection software, best identity theft protection and the best firewall

Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Read more
Hacker Typing
This devious two-step phishing campaign uses Microsoft tools to bypass email security
A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system
Microsoft authentication system spoofed via phishing attack
Someone checking their credit card details online.
Hackers use CAPTCHA scam in PDF files on Webflow CDN to get past security systems
Hook on Keyboard
Fake DocuSign and HubSpot phishing emails target 20,000 Microsoft Azure accounts
Close up of a business person using a smartphone.
Watch out, malicious PDF files are being used again in phishing attacks
Fraude en ligne phishing
Google forced to step up phishing defenses following ‘most sophisticated attack’ it has ever seen
Latest in Security
Woman shocked by online scam, holding her credit card outside
Cybercriminals used vendor backdoor to steal almost $600,000 of Taylor Swift tickets
Woman using iMessage on iPhone
UK government guidelines remove encryption advice following Apple backdoor spat
Cryptocurrencies
Ransomware’s favorite Russian crypto exchange seized by law enforcement
Wordpress brand logo on computer screen. Man typing on the keyboard.
Thousands of WordPress sites targeted with malicious plugin backdoor attacks
HTTPS in a browser address bar
Malicious "polymorphic" Chrome extensions can mimic other tools to trick victims
ransomware avast
Hackers spotted using unsecured webcam to launch cyberattack
Latest in News
MacBook Air mute key
The new M4 MacBook Air finally fixes an Apple keyboard annoyance that's been around for decades
A collage of Ellie and Joel in The Last of Us season 2
The Last of Us season 2's new trailer teases a huge showdown between Bella Ramsey's Ellie and Pedro Pascal's Joel, but the big moment I'm waiting for is still being held back
Apple iPhone 16 Pro Max REVIEW
New iPhone 17 Air leak may have revealed some key specs – and how it compares to the iPhone 17 Pro Max
Gaming with AI
I asked Gemini to play a text-based adventure game with me and the AI whisked me away to a word-based fantasy
Apple iPhone 16 Review
Three iPhone 17 model dummy units appear in a hands-on video leak
The Samsung Galaxy S25 Edge on display the January 22, 2025 Galaxy Unpacked event.
New Samsung Galaxy S25 Edge may have revealed some key details – including its price
More about security
Woman shocked by online scam, holding her credit card outside

Cybercriminals used vendor backdoor to steal almost $600,000 of Taylor Swift tickets
Cryptocurrencies

Ransomware’s favorite Russian crypto exchange seized by law enforcement
70mai 360 Omni 4K Dash Cam

I've reviewed dozens of dash cams, and 70mai's new rotating 4K dash cam is unlike any other
See more latest
Most Popular
International Space Station
Is the moon too far for your data? IBM's Red Hat is teaming up with Axiom Space to send a data center into space
Samsung NAND
Well, that's unexpected: Samsung will team up with its fiercest Chinese rival to produce next gen NAND flash
MacBook Air mute key
The new M4 MacBook Air finally fixes an Apple keyboard annoyance that's been around for decades
Gaming with AI
I asked Gemini to play a text-based adventure game with me and the AI whisked me away to a word-based fantasy
A collage of Ellie and Joel in The Last of Us season 2
The Last of Us season 2's new trailer teases a huge showdown between Bella Ramsey's Ellie and Pedro Pascal's Joel, but the big moment I'm waiting for is still being held back
Molecular hard drive
Chinese researchers are looking to create a revolutionary type of hard drive based on organic materials but huge unknowns remain
Quordle on a smartphone held in a hand
Quordle hints and answers for Monday, March 10 (game #1141)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Monday, March 10 (game #372)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Monday, March 10 (game #638)
Apple iPhone 16 Pro Max REVIEW
New iPhone 17 Air leak may have revealed some key specs – and how it compares to the iPhone 17 Pro Max