Hackers Impersonate USDOT in Phishing Scheme [Dark Web]

Cybercriminals lured victims into giving up information by impersonating the US Department of Transportation.

The phishing campaign dangles $1 trillion in funding, inviting companies to submit bids on websites impersonating the DOT. As with many phishing schemes, this one relies on urgency and impressive numbers, drawing on news of the Infrastructure Investment and Jobs Act.

It is true that in August of 2021, the US Senate passed a $1 trillion infrastructure package. But the bill has only been passed in the Senate. The infrastructure package still needs to pass the House of Representatives and be signed into law to take effect. Still, details shouldn’t get in the way of a good scam.

The campaign uses terse emails as bait, inviting a company to bid on commercial projects via a large blue “Click Here To Bid” button.

Once on the hook, victims are led to a site, transportation.gov.bidprocure.secure.akjackpot[.]com, “with reassuring-sounding subdomains like ‘transportation,’ ‘gov,’ and ‘secure,’ ” notes expert Roger Kay. Upon landing on the impersonated DOT site, users are directed to click a red “Click Here To Bid” button that launches a credential harvesting form with a Microsoft logo and instructions to “Login with your email provider.” Netting additional credentials is a key step in preparing for a cyber attack or business email crime.
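The hostname above only looks official when read left to right; ownership is decided by the registrable domain at the right-hand end. The following check is an added example, not part of the original article, that flags hosts whose subdomain labels borrow trust words while the registrable domain is not on an allowlist. The suffix set, trust labels and allowlist are assumptions chosen for illustration.

```python
import re

# Assumption: small embedded suffix set so the example runs offline; real
# deployments should load the full Public Suffix List.
PUBLIC_SUFFIXES = {"com", "net", "org", "gov", "co.uk", "gov.uk"}
# Assumption: labels that lend false authority when used as subdomains.
TRUST_LABELS = {"gov", "secure", "login", "transportation", "dot"}
# Assumption: registrable domains the defender treats as genuine.
ALLOWED_DOMAINS = {"transportation.gov", "dot.gov"}


def refang(host):
    """Undo [.] defanging and strip scheme, path, userinfo and port."""
    host = host.strip().lower().replace("[.]", ".")
    host = re.sub(r"^[a-z]+://", "", host)
    host = re.split(r"[/?#]", host, maxsplit=1)[0]
    host = host.rsplit("@", 1)[-1]
    return host.split(":", 1)[0].rstrip(".")


def registrable_domain(host):
    """Longest matching public suffix plus the one label to its left."""
    labels = refang(host).split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])  # unknown suffix: fall back to two labels


def assess(host):
    """Flag hosts whose subdomains borrow trust the domain owner lacks."""
    name = refang(host)
    domain = registrable_domain(name)
    sub = name[: len(name) - len(domain)].rstrip(".")
    borrowed = [l for l in sub.split(".") if l in TRUST_LABELS] if sub else []
    return {
        "host": name,
        "registrable_domain": domain,
        "borrowed_labels": borrowed,
        "suspicious": domain not in ALLOWED_DOMAINS and bool(borrowed),
    }


if __name__ == "__main__":
    # Sample inputs: the defanged host quoted in the article and a genuine one.
    for h in ("transportation.gov.bidprocure.secure.akjackpot[.]com",
              "https://www.transportation.gov/grants"):
        print(assess(h))
```
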

CybelAngel Domain Protection helps locate and remove malicious websites that impersonate your brand or company through cybersquatting tactics such as subdomains. Dual DNS search, combined with a domain watchlist to secure dormant domains and “on request takedown” services, provides an entire domain protection solution.
