Active Invitation to Bid Phishing Alert

Invitation to Bid Phishing Alert Cincinnati

We have observed an active phishing actor who has been compromising many companies in the Cincinnati area. After compromising a user's email account, the attacker has been observed to look for sensitive information in the mailbox and then send out a mass email from the victim's account with a link pointing to a phishing site hosted by the attacker used to steal additional users’ credentials.

Since January 20, 2022, we have seen many of our clients targeted by this threat actor, with the phishing emails coming from many different compromised companies in the Cincinnati area. In all the emails we have seen, the threat actor has been using very similar tactics and techniques to perform this attack.

From what we have seen so far, the subject of the phishing emails starts with “Invitation to Bid – : ” and then includes the compromised company name in the subject. For example, if Company A was compromised, the subject would be “Invitation to Bid – : Company A”.

The phishing email itself has a link pointing to an initial landing webpage, which itself is not harmful, but it contains a link to another site hosting a fake Microsoft login page, which is used to steal users’ credentials. The initial location of the landing page is hosted on a platform that has legitimate use cases, making it difficult for security teams to block without potentially impacting legitimate business operations.

Example Email

Invitation to Bid Phishing Alert Cincinnati Email Example

Example Initial Phishing Webpage

Invitation to Bid Phishing Alert Cincinnati Email Phishing Website

Look-a-like Microsoft Webpage

Invitation to Bid Phishing Alert Cincinnati Email Phishing Microsoft Website
Chaim Black

Chaim Black

Chaim Black is a Cyber Security Analyst, providing a full scope of IT and cybersecurity services to a wide range of businesses, municipalities and manufacturing plants.

Get This Free Resource to Protect Your Business

Checklist: "14 Non-Technical Things You Can Do Today to Protect Your Business from Cyber Crime"

Share this Blog