Why do U.S. officials voluntarily let hackers into their networks?
Researchers at Perception Point have identified a new phishing campaign aimed at U.S. contractors working on federal projects. In this attack, which experts have dubbed "Uncle Scam" (a play on "Uncle Sam", a popular slang term for the United States), attackers pose as representatives of U.S. government agencies, such as the Department of Energy and the Department of Labor, to distribute fake invitations to bid.
The main mechanism of the attack is to send fake emails claiming to be from the U.S. General Services Administration (GSA). The emails urge recipients to apply immediately to take part in government projects and invite them to follow a link to do so. However, instead of the real GSA website, the link leads to a phishing copy that is visually almost indistinguishable from the original.
The site that victims land on is carefully designed: when they try to register, real pages from a government resource are opened, which strengthens the site's credibility. In addition, a CAPTCHA is used, which makes it difficult to detect the malicious activity automatically.
Once the user enters their real credentials on the fake page, those credentials fall into the hands of the attackers. This data can then be used for further attacks and for stealing sensitive information or money, which makes such attacks particularly dangerous for government contractors.
One of the key elements of the attack is the use of the Microsoft Dynamics 365 marketing platform. Attackers create subdomains and send emails from a trusted dyn365mktg.com address that is pre-authenticated and passes DKIM and SPF checks. This allows the phishing emails to bypass filters and reach their intended recipients without raising suspicion.
The analysis showed that the campaign actively uses modern technologies, including large language models (LLMs). These models make it possible to produce high-quality phishing emails with minimal differences, which helps to scale the attack. The use of AI allows criminals not only to avoid grammatical mistakes, but also to maintain contextual accuracy and a professional tone in their messages.
Overall, this campaign stands out for its level of complexity and persuasiveness. Thanks to thoughtful details such as multi-step registration and genuine site elements, the phishing operation becomes extremely difficult to detect, even for experienced users.
Experts recommend that organizations take additional security measures, including regular employee training, the deployment of advanced anti-phishing tools, and more thorough checks of the emails and links they receive.
Source
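Because the emails described above pass SPF and DKIM for dyn365mktg.com, a filter has to compare what a message claims with who actually sent it. The following triage check is an added example, not part of the original post or of Perception Point's tooling; the agency term list, the reason strings and the sample messages (including the `notices` subdomain and the `example.net` link) are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions: shared bulk-mail sender domains, and names expected only on .gov mail.
SHARED_SENDER_DOMAINS = ("dyn365mktg.com",)
AGENCY_TERMS = ("gsa", "general services administration",
                "department of energy", "department of labor")

def under(host, domain):
    # True if host is the domain itself or one of its subdomains.
    return host == domain or host.endswith("." + domain)

def assess(raw):
    """Return the reasons a single-part text message deserves review."""
    msg = message_from_string(raw.lstrip())
    display, addr = parseaddr(msg.get("From", ""))
    sender = addr.rpartition("@")[2].lower()
    auth = msg.get("Authentication-Results", "").lower()
    claimed = (display + " " + msg.get("Subject", "")).lower()
    claims_agency = any(re.search(r"\b" + re.escape(t) + r"\b", claimed)
                        for t in AGENCY_TERMS)
    hosts = set(re.findall(r"https?://([^\s/:?#\"'<>]+)", msg.get_payload().lower()))
    off_gov = sorted(h for h in hosts if not under(h, "gov"))
    reasons = []
    if claims_agency and not under(sender, "gov"):
        reasons.append("agency name on a non-.gov sender")
    if ("spf=pass" in auth and "dkim=pass" in auth
            and any(under(sender, d) for d in SHARED_SENDER_DOMAINS)):
        reasons.append("SPF/DKIM pass only vouches for a shared platform")
    if claims_agency and off_gov:
        reasons.append("links leave .gov: " + ", ".join(off_gov))
    return reasons

# Constructed sample messages (not taken from the campaign).
LURE = """
From: "GSA Procurement" <bids@notices.dyn365mktg.com>
Subject: Invitation to Bid - General Services Administration
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=notices.dyn365mktg.com; dkim=pass header.d=dyn365mktg.com

Register today: https://gsa-bids.example.net/register
"""
GENUINE = """
From: "GSA Notices" <notices@gsa.gov>
Subject: GSA schedule update
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=gsa.gov; dkim=pass header.d=gsa.gov

Details: https://www.gsa.gov/
"""
print(assess(LURE), assess(GENUINE))
```

The second reason is the point of the check: an authentication pass proves the message came from the platform, not from the agency named in the display name or subject.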