Operation Uncle Scam: Simple Tender Threatens State Privacy

Phishing Campaign Targeting American Contractors Exposed by Researchers

Researchers at Perception Point recently uncovered a new phishing campaign aimed at American contractors working on federal projects. This attack, dubbed “Uncle Scam” as a play on “Uncle Sam” (a common nickname for the United States), involves attackers posing as representatives of various US government agencies, such as the State Department, Department of Energy, and Department of Labor, in order to distribute fake invitations to bid on projects.

The primary method of attack involves sending fraudulent emails purportedly from the General Services Administration (GSA). These emails urge recipients to immediately apply for project opportunities by clicking on a provided link. However, instead of directing users to the legitimate GSA website, the link leads to a phishing page that closely mimics the original site.

The phishing pages are designed to resemble official government platforms, which makes them more credible. To strengthen the illusion, the attackers also open pages from genuine government resources during the registration process.

One of the key components of the attack is the use of CAPTCHA, a challenge designed to differentiate between human users and automated bots. Developed at Carnegie Mellon University, CAPTCHA presents a problem that is simple for a human to solve but significantly more challenging for a computer.
