Researchers at Abnormal Security are warning of a convincing phishing campaign targeting Texas computer vendors. The campaign’s emails impersonate the Texas Department of State Health Services, going so far as to appear to originate from the dshs.texas.gov domain. The official Department of State Health Services seal affixed to the emails lends the attack further credibility.
The post from Abnormal Security notes that the campaign primarily targets Microsoft Office 365 users and has been shown to bypass Proofpoint security protocols. So far it has reached roughly 50,000 individuals. Abnormal Security summarizes the campaign’s attack methodology as follows:
The email addresses the sales department with a brief message expressing interest in purchasing 20 laptops and 200 external hard drives with specifications for each. The order form contains a phone number and a billing address for the items to be sent within the next 30 days. The attached PDF is disguised as a Request for Quotation (RFQ), but is actually a scam for fake solicitation of goods. There is no ship-to address (listed as TBD), and the phone number provided is not associated with the bill-to address, although the area code is in Texas and does match the area code for the Department of State Health Services phone number. This is a social engineering tactic aimed at engaging recipients into requesting the ship-to address, either by email or phone.
There is no indication of who is behind the phishing attacks or, more specifically, why they chose to target Texas businesses. It is not known, or at least not mentioned in Abnormal Security’s post, how many of the 50,000 targeted addressees fell victim. If your business is located in Texas, be on the lookout for this particular social engineering campaign. While it currently targets Microsoft Office 365 clients, that could change at any time. Use common sense, especially when you are supposedly being contacted by a government agency.
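The campaign’s emails only appear to come from dshs.texas.gov, which is exactly the kind of claim a receiving mail server’s own authentication checks can contradict. The script below is an added illustration, not code from the article or from Abnormal Security: it parses the Authentication-Results header that an inbound gateway stamps on a message, compares the domain in the visible From: header against the SPF, DKIM and DMARC outcomes, and escalates messages that claim a watched government domain but fail those checks. The two sample messages, their Authentication-Results values, the sender IP and the vendor mailbox names are all constructed for the example.

```python
"""Flag inbound mail whose From: header claims a domain that the receiving
gateway's own SPF/DKIM/DMARC checks did not verify.

Added example, not code from the article or from Abnormal Security. The
sample messages, header values and addresses below are constructed.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# Domains whose impersonation warrants quarantine rather than a mere score.
# dshs.texas.gov is the domain named in the article; add others as needed.
WATCHED_DOMAINS = {"dshs.texas.gov"}

# Matches the method=result pairs a gateway writes into Authentication-Results,
# e.g. "spf=fail", "dkim=none", "dmarc=pass".
AUTH_RESULT_RE = re.compile(
    r"\b(spf|dkim|dmarc)=(pass|fail|softfail|none|neutral|temperror|permerror)\b",
    re.IGNORECASE,
)


def parse_auth_results(header_value):
    """Return {method: result} parsed from an Authentication-Results header."""
    return {
        m.group(1).lower(): m.group(2).lower()
        for m in AUTH_RESULT_RE.finditer(header_value or "")
    }


def from_domain(msg):
    """Domain of the address shown in the From: header (what the recipient sees)."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def assess(raw_message):
    """Classify a raw RFC 822 message as deliver / review / quarantine."""
    msg = message_from_string(raw_message)
    domain = from_domain(msg)
    results = parse_auth_results(msg.get("Authentication-Results"))

    reasons = []
    # DMARC is the check that ties the visible From: domain to SPF/DKIM alignment.
    if results.get("dmarc") != "pass":
        reasons.append("dmarc=" + results.get("dmarc", "missing"))
    # Without at least one of SPF or DKIM passing, the claimed domain is unverified.
    if results.get("spf") != "pass" and results.get("dkim") != "pass":
        reasons.append("neither spf nor dkim passed")

    # Attachment names are surfaced for the analyst, not used as a verdict signal,
    # because legitimate RFQs are also sent as PDFs.
    attachments = [p.get_filename() for p in msg.walk() if p.get_filename()]

    if domain in WATCHED_DOMAINS and reasons:
        verdict = "quarantine"
    elif reasons:
        verdict = "review"
    else:
        verdict = "deliver"
    return {
        "from_domain": domain,
        "auth": results,
        "attachments": attachments,
        "reasons": reasons,
        "verdict": verdict,
    }


# Constructed sample: a spoofed message claiming dshs.texas.gov that fails
# SPF and DMARC at the gateway and carries a PDF named like an RFQ.
SAMPLE_SPOOFED = """\
From: Texas DSHS Procurement <purchasing@dshs.texas.gov>
To: sales@example-vendor.test
Subject: Request for Quotation - Laptops and External Drives
Authentication-Results: mx.example-vendor.test; spf=fail (sender IP 203.0.113.7 not permitted) smtp.mailfrom=dshs.texas.gov; dkim=none; dmarc=fail (p=reject) header.from=dshs.texas.gov
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please quote 20 laptops and 200 external hard drives per the attached RFQ.

--b1
Content-Type: application/pdf
Content-Disposition: attachment; filename="RFQ.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--b1--
"""

# Constructed sample: a message from the same domain that passes all checks.
SAMPLE_LEGIT = """\
From: Texas DSHS Procurement <purchasing@dshs.texas.gov>
To: sales@example-vendor.test
Subject: Follow-up on quotation
Authentication-Results: mx.example-vendor.test; spf=pass smtp.mailfrom=dshs.texas.gov; dkim=pass header.d=dshs.texas.gov; dmarc=pass header.from=dshs.texas.gov
Content-Type: text/plain

Thank you for the quotation.
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SAMPLE_SPOOFED), ("legit", SAMPLE_LEGIT)):
        print(label, assess(raw))
```

The check relies on the Authentication-Results header being written by your own gateway and stripped from inbound mail before it is trusted; otherwise a sender could supply a forged "pass" of its own. Mail platforms that already enforce DMARC will never deliver the spoofed sample, and this script is the logic you would apply to what reaches the mailbox when that enforcement is absent or, as the article reports for this campaign, bypassed.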
Phishing campaigns love using this tactic because it works. Don’t fall for it.
Featured image: Flickr/Ed Schipul