Microsoft 365 phishing attacks pose as US government agencies

An ongoing phishing campaign aimed at US government contractors has grown to include higher-quality lures and better-crafted documents. The phishing emails present a request for bids on lucrative government projects and lead recipients to pages that look exactly like legitimate federal agency portals.

This appears to be the same operation that INKY reported on in January this year, in which the actors attached PDFs with instructions on how to bid on US Department of Labor projects.

This campaign’s operatives don’t appear to be stopping anytime soon, as they are now expanding their targeting scope while refining their lures.

Given that the emails, PDFs, and websites used in the phishing operation are primarily copies of official content, detecting signs of fraud may be difficult.