In a blog post published on Wednesday, Inky details a series of phishing attacks in which the sender address on most of the emails appeared to come from no-reply@dol.gov, the real domain for the Department of Labor. A few of the emails were spoofed to come from no-reply@dol.com, which is not the department’s real domain.
Claiming to come from a senior Department of Labor employee handling procurement, the emails invited the recipients to bid on “ongoing government projects.” A PDF attached to the email looked like an official DoL document with all the right visuals and branding. A BID button on the second page of the PDF took people to what appeared to be the DoL’s procurement portal but was actually a malicious website impersonating the department.