Government departments worldwide were targeted in phishing campaigns focused on procurement portals, according to a report.
The report, by cyber security firm Anomali, said procurement portals were spoofed to harvest credentials. Criminals could have been motivated by “a financial incentive to out-compete a rival bidder” or to gain information on supplier relationships with the government.
The report identified spoofed sites from agencies including the US Department of Energy, US Department of Commerce, Australian Government eProcurement Portal, Sweden’s National Public Procurement Agency and DHL International.
The campaigns targeted government portals, email services, and delivery, postage and transportation firms, with over 80% of the spoofed organisations being government services.
The report said that the campaigns were likely targeting “a potential supplier or contractor bidding as part of procurement services”.
Over 50 phishing sites were masquerading as US government sites. However, various other countries were targeted including China, Singapore, Sweden, South Africa, Mexico, Japan, Malaysia, Poland, Peru, Canada and Australia.
Government departments and private companies that use the procurement services on specific sites to find buyers and suppliers could have fallen victim to the phishing campaign, said the report.
The phishing sites were designed to steal people’s information. Anomali said that phishing emails were sent containing links to spoof websites that looked like legitimate login pages.
This lured victims into following the email link, which would then invite them to log in, and could result in the victim providing their credentials.
Most “lure documents” sent via emails were written in the native language of the country, apart from South Africa, which was written in English.
The criminals behind the phishing campaign, who are currently inactive, have not been identified but domains of spoofed websites were found to be in Turkey and Romania, said the report.
☛ Want to stay up to date with the news? Sign up to our daily bulletin.