Government contractors targeted by malicious actors


IT personnel working to fight against the malicious emails have a proper concept about the financial transactions along with the numerous documents with support as well as a company those transactions. It provides malicious actors with little fodder for phishing attacks that are designed to separate legitimate firms from their reputations and money as well as their clients, customers, and partners.

Fake invoices, ACH, Pos and RFQs documents along with the remittance forms constitute the backbone of social engineering of phishing campaigns. Hapless employees keep falling into this trap by clicking the malicious links as well as opening the malware affected attachments. This brings the malicious actors along with their sophisticated malware setup inside the network of the employer.

In the last few months, there is increased use of another transaction-based social engineering scheme that was designed to whom organizations that are dependent on the government contracts.

Fake Bid Phish Evolution

For quite a while now, fake bid invitations are widely prevalent. In some aspects, they are just the original valuation of the counterfeit RFQ that leverages targeted companies search for new deals to dupe employees into opening doors for security breaches, financial mayhem, and costly downtime.

This is a confused and highly malicious email. It is difficult to decide if it’s a fake RFQ or PO.

Irrespective of the mechanical stumbles present in the body of the email, this phishing email represents fake RFQ email blizzards hitting the inboxes of users currently. A huge wallop is packed in the.RAR file

Well, a well designed, executable and old-fashioned Trojan. This is a more polished fake with lucrative “invitation to bid” for “airport project”, run allegedly by a popular hotel chain.

Though is a much-polished version in comparison to the fake RFQ, still, it has some problems as well.

This fake “invitation to bid” heavily rely on the enticing promise of further details, lurking behind malicious links.