Active Invitation to Bid Phishing Alert

Invitation to Bid Phishing Alert Cincinnati

Phishing Alert: We have observed an active phishing actor who has been compromising many companies in the Cincinnati area. After compromising a user’s email account, the attacker has been observed to look for sensitive information in the mailbox and then send out a mass email from the victim’s account with a link pointing to a phishing site hosted by the attacker used to steal additional users’ credentials.

Since January 20, 2022, prompting our phishing alert, we have seen many of our clients targeted by this threat actor, with the phishing emails coming from many different compromised companies in the Cincinnati area. In all the emails we have seen, the threat actor has been using very similar tactics and techniques to perform this attack.

From what we have seen so far, the subject of the phishing emails starts with “Invitation to Bid – : ” and then includes the compromised company name in the subject. For example, if Company A was compromised, the subject would be “Invitation to Bid – : Company A”.

The phishing email itself has a link pointing to an initial landing webpage, which itself is not harmful, but it contains a link to another site hosting a fake Microsoft login page, which is used to steal users’ credentials. The initial location of the landing page is hosted on a platform that has legitimate use cases, making it difficult for security teams to block without potentially impacting legitimate business operations.

Phishing Alert: Example Email

Invitation to Bid Phishing Alert Cincinnati Email Example

Example Initial Phishing Webpage

Invitation to Bid Phishing Alert Cincinnati Email Phishing Website

Look-a-like Microsoft Webpage

Invitation to Bid Phishing Alert Cincinnati Email Phishing Microsoft Website
Posted in
Chaim Black - Profile - Intrust IT Support Cincinnati

Chaim Black

Chaim Black is a Cyber Security Analyst, providing a full scope of IT and cybersecurity services to a wide range of businesses, municipalities and manufacturing plants.

Share this Blog

Enterprise Password Management Promo Wide

Is Your Name or Birthday a Part of Your Password?

If so, you’re a part of the 59 percent of people who don’t follow proper password hygiene. More than 70 percent of passwords are used for more than one system, meaning if cybercriminals crack one, they can access a lot more accounts.

Our free Enterprise Password Management Guide will give you the best password hygiene practices to help you secure your computer and your business.

Download the Guide

Explore the Latest Trends in IT

AI Guiding Principles - Intrust IT

AI Guiding Principles

There’s no longer any debate about if your company should be using AI. With the rapid adoption of AI across...
Edge_vs_Chrome_Security_Intrust IT

Edge vs Chrome Security: Which Is the Best Browser for Your Business?

As a business owner, you shouldn’t have to lose sleep worrying if your vital business information is safeguarded against hackers,...
Password Manager Passkey Intrust IT

Unlocking Security: The Power of Password Managers and Passkeys for Business Professionals

Cyberattacks increasingly impact organizations of every type and size, and they can be devastating. For example ‘My company thrived for...
IntrustIT logo

Intrust IT Acquires Commercial IT Support Division of Entegrity Consulting Group

Effective January 1st, 2025, Intrust IT of Cincinnati, Ohio, proudly completed the acquisition of the commercial IT support division of...
World Backup Day - Intrust IT

World Backup Day: Protect Your Data Before It’s Too Late

Imagine waking up to find every file, photo, and document on your devices gone. There is no warning, no chance...
What's Included in Managed IT Services - Intrust IT

Your Guide: What’s Included in Managed IT Services?

Technology should empower your business, not hold it back. Yet, for many companies, managing IT systems feels like playing whack-a-mole...