A newly discovered phishing campaign is targeting government departments worldwide in what may be an attempt to gain information on government procurement services.

Detailed today by security researchers at Anomali Inc., the campaign uses phishing emails specifically customized to target specific departments using information related to bidding and other procurement processes. Links in the emails then take those targeted through to fake sites that likewise have been designed to imitate real sites so attackers can harvest login credentials.

Government departments have been targeted in the U.S., Canada, China, Australia and Sweden. Those behind the attacks are possibly from Turkey or Romania. In the U.S., targets have included the departments of Energy, Commerce and Veterans Affairs.

“It could be that the adversaries are trying to gain access to potential bidders to undercut the competition or to compromise government suppliers for more long term gain,” an Anomali analyst told ZDNet.

“This new global phishing campaign targeting government departments is a prime example of how sophisticated and convincing cybercrime tactics have become, especially phishing attacks,” Peter Goldstein, chief technology officer and co-founder cybersecurity firm Valimail Inc., told SiliconANGLE. “There is a common misconception that phishing emails are easy to identify because they’ll contain spelling and grammar errors and are clearly not coming from anyone the recipient knows.”

But the truth is that cybercriminals have become extremely adept at crafting emails that look the same as legitimate emails, he said.

“In this particular instance, the hackers are using advanced impersonation techniques, used in over 80% of spear-phishing emails, and even writing emails in the targets’ native language, all with the aim of driving victims to spoofed websites that will steal the victims’ login credentials,” Goldstein added.

James McQuiggan, security awareness advocate at security awareness training firm KnowBe4 Inc., noted that criminal hackers are getting quite sophisticated.

“Criminals will use typosquatting to create a similar website with a transposed character to make it easier for people to fall victim to these types of attacks when they hover over the link in the email,” McQuiggan explained. “Organizations with a strong and robust security awareness program can provide training for employees to be aware of these types of phishing and spear phishing emails. The training can additionally educate the users to be aware of social engineering and to verify any websites before they click on the link.”

Image: Pxhere