Phishing Campaign Impersonates New York Department of Labor to Steal Private Information

Threat actors have launched a new phishing campaign in which they send fake emails that appear to come from New York’s Department of Labor. The fake emails, which include the real logo of the State’s Department of Labor, attempt to trick people into giving up personal information in order to receive aid for the ongoing pandemic. If these attempts are successful, the threat actors gain enough information to steal the individual’s identity or sell the information on the dark web. The threat actors disguise their identity with a display name of [email protected], when in reality the real email address is naij30[@], a Panamanian-registered domain with no association to the State of New York. The email also adds a sense of urgency, making victims feel as though they may miss out on the government aid if they don’t act fast.

Analyst Notes

Phishing scams are not new and are becoming more and more prevalent. Attackers often pair phishing scams with a subject of great interest, in this case government relief for the COVID-19 pandemic. Oftentimes these scams include an urgent call to action or threats, so be suspicious of emails that claim you must click, call, or open an attachment immediately. Spelling and grammar errors are also common in phishing scams, as are suspicious links and mismatched domain names. If an email claims to be from a reputable company but the email came from a separate domain, it is likely a scam. Federal agencies and financial institutions rarely send requests for sensitive personal information; if an individual receives such a request, it is always important to verify the source and contact the organization for clarification. For individuals who are victims of a phishing scam, it is important to change the passwords to any accounts or logins that may be affected. Additionally, users should ensure all accounts have multi-factor authentication enabled. Notify financial institutions immediately so they can monitor accounts for suspicious activity, and report the incident to the appropriate law enforcement agency.
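The mismatched-domain check described above can be automated at the mail gateway or in triage tooling. The following is an added example, not part of the original report: it flags a From header whose display name shows an address or claims an organization that does not match the actual sending domain. The sample messages, the `labor.example` and `mailer.example` domains, and the `EXPECTED` mapping are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# An address-like token inside the display name, e.g. "claims@labor.example".
ADDR_IN_NAME = re.compile(r"[\w.%+-]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")

# Hypothetical mapping: claimed organization -> domains it really sends from.
EXPECTED = {"department of labor": {"labor.example"}}

def org_domain(domain):
    """Crude registrable-domain guess (last two labels). This is an assumption;
    a real deployment would consult the Public Suffix List instead."""
    return ".".join(domain.lower().strip(".").split(".")[-2:])

def check_from(raw_message, expected=EXPECTED):
    """Return a list of findings about the From header of one raw message."""
    display, addr = parseaddr(message_from_string(raw_message).get("From", ""))
    if "@" not in addr:
        return ["From header has no parseable address"]
    sender = org_domain(addr.rsplit("@", 1)[1])
    findings = []
    # Case 1: the display name itself is an email address on another domain.
    shown = ADDR_IN_NAME.search(display)
    if shown and org_domain(shown.group(1)) != sender:
        findings.append(f"display name shows {shown.group(0)}, sender is @{sender}")
    # Case 2: the display name claims an organization the domain does not belong to.
    for claim, domains in expected.items():
        if claim in display.lower() and sender not in domains:
            findings.append(f"claims '{claim}' but sent from @{sender}")
    return findings

# Constructed sample messages (not taken from the campaign).
SPOOFED = 'From: "claims@labor.example" <user123@mailer.example>\n\nbody\n'
BRANDED = 'From: Department of Labor <user123@mailer.example>\n\nbody\n'
LEGIT = 'From: Department of Labor <notices@mail.labor.example>\n\nbody\n'

if __name__ == "__main__":
    for name, raw in [("spoofed", SPOOFED), ("branded", BRANDED), ("legit", LEGIT)]:
        print(name, check_from(raw))
```

A finding here is a triage signal to combine with SPF, DKIM and DMARC results, since a display name is free text the sender fully controls.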