Phishing campaign spoofs domain, targets computer vendors

Researchers at Abnormal Security are warning of a convincing phishing campaign targeting Texas computer vendors. The phishing campaign sends emails that impersonate the Texas Department of State Health Services, even going so far as appearing to originate from the domain. Further adding to the legitimacy of the attack is the use of the official Department of State Health Services seal affixed to the emails.

The post from Abnormal Security notes that the campaign primarily targets Microsoft Office 365 users and has been shown to bypass Proofpoint security protocols. At the moment, it has reached roughly 50,000 individuals. Abnormal Security summarizes the phishing campaign’s attack methodology as follows:

The email addresses the sales department with a brief message expressing interest in purchasing 20 laptops and 200 external hard drives with specifications for each. The order form contains a phone number and a billing address for the items to be sent within the next 30 days. The attached PDF is disguised as a Request for Quotation (RFQ), but is actually a scam for fake solicitation of goods. There is no ship to address (listed as TBD), and the phone number provided is not associated with the bill to address, although the area code is in Texas and does match the area code for the department of state health services phone number. This is a social engineering tactic aimed to engage recipients into requesting the ship to address, either by email or phone.

There is no indication who is behind the phishing attacks, and more specifically, why they chose to target Texas businesses. It is not known, or at least not mentioned in Abnormal Security’s post, how many victims there have been among the 50,000 addressees targeted. If you have a business located in Texas, be on the lookout for this particular social engineering phishing campaign. While it currently targets Microsoft Office 365 clients, this could change at any time. Practice common sense, especially when you are supposedly being contacted by a government agency.

Phishing campaigns love using this tactic because it works. Don’t fall for it.

Featured image: Flickr/Ed Schipul

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and tech journalist that is committed to creating an informed society with regards to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.

Published by
Derek Kortepeter

Recent Posts

Incident management startups to help you put out the fires

Incident management used to be about debugging code, but in an always-on world the stakes…

3 days ago

Ask Our Readers: Best resources for a Windows expert to learn Linux

Our esteemed Windows expert asks his readers for advice on the best way of coming…

3 days ago

Azure DevOps service connections: How to set them up and use them

Want to make managing RBAC permissions at the subscription/management group level a breeze? Start using…

4 days ago

Update alert: Google patches zero-day Chrome vulnerability

Google has patched a dangerous zero-day vulnerability in its Chrome browser. But now it’s up…

4 days ago

4 startups out to simplify enterprise document management

The document management software market is booming as companies continue their massive migration toward remote…

4 days ago

GDPR two years later: Many successes, but challenges remain

It’s been 2½ years since the GDPR went into effect. While most businesses have adapted…

5 days ago