PIn December, the NJCCIC observed a phishing campaign targeting New Jersey contractors and claiming to be from the US Department of Transportation. While the emails used in these campaigns may be difficult to distinguish from an official email, the sender email address andattached links are not from official “.gov” domains. The threat actors behind the campaign use “.us” prefaced by “.gv” or “dot” to appear more legitimate at first glance.

One website contains multiple links that encourage contractors to sign up to submit a bid and asks users to sign in using email login credentials, similar in appearance to an official US government login screen. Users are also prompted to log in with Office 365 or other business credentials. The NJCCIC advises against downloading attachments or clicking links delivered with unexpected emails from unverified senders.+ The NJCCIC also reminds users that legitimate domains from the US government contain a .gov suffix and any website claiming to be a government domain without using that suffix should be treated with suspicion. Users who submitted account credentials on a fraudulent website are advised to change their password and enable multi-factor authentication (MFA). Additionally, phishing emails and other malicious cyber activity can be reported to the  FBI’s Internet Crime Complaint Center and the NJCCIC. If you have any further questions, contact us here at Cyber Command.