Active Invitation to Bid Phishing Alert

Invitation to Bid Phishing Alert Cincinnati

Phishing Alert: We have observed an active phishing actor who has been compromising many companies in the Cincinnati area. After compromising a user’s email account, the attacker has been observed to look for sensitive information in the mailbox and then send out a mass email from the victim’s account with a link pointing to a phishing site hosted by the attacker used to steal additional users’ credentials.

Since January 20, 2022, prompting our phishing alert, we have seen many of our clients targeted by this threat actor, with the phishing emails coming from many different compromised companies in the Cincinnati area. In all the emails we have seen, the threat actor has been using very similar tactics and techniques to perform this attack.

From what we have seen so far, the subject of the phishing emails starts with “Invitation to Bid – : ” and then includes the compromised company name in the subject. For example, if Company A was compromised, the subject would be “Invitation to Bid – : Company A”.

The phishing email itself has a link pointing to an initial landing webpage, which itself is not harmful, but it contains a link to another site hosting a fake Microsoft login page, which is used to steal users’ credentials. The initial location of the landing page is hosted on a platform that has legitimate use cases, making it difficult for security teams to block without potentially impacting legitimate business operations.

Phishing Alert: Example Email

Invitation to Bid Phishing Alert Cincinnati Email Example

Example Initial Phishing Webpage

Invitation to Bid Phishing Alert Cincinnati Email Phishing Website

Look-a-like Microsoft Webpage

Invitation to Bid Phishing Alert Cincinnati Email Phishing Microsoft Website
Posted in
Chaim Black - Profile - Intrust IT Support Cincinnati

Chaim Black

Chaim Black is a Cyber Security Analyst, providing a full scope of IT and cybersecurity services to a wide range of businesses, municipalities and manufacturing plants.

Share this Blog

Enterprise Password Management Promo Wide

Is Your Name or Birthday a Part of Your Password?

If so, you’re a part of the 59 percent of people who don’t follow proper password hygiene. More than 70 percent of passwords are used for more than one system, meaning if cybercriminals crack one, they can access a lot more accounts.

Our free Enterprise Password Management Guide will give you the best password hygiene practices to help you secure your computer and your business.

Download the Guide

Explore the Latest Trends in IT

Fundamentals of Information Technology Management - Intrust

IT 101: What Is Information Technology Management?

When was the last time you stopped to think about how your business relies on technology? Information technology management is...
Avoid Pig-Butchering - Intrust IT

Pig-Butchering Scams: What They Are and How to Stay Safe

At Intrust IT, we understand that it may feel like the specter of cybersecurity is always breathing down your neck....
3 Reasons to Replace Aging Equipment - Intrust IT

Three Compelling Reasons Your Company Should Replace Its Aging Computers Before Year-End

As the end of the year approaches, businesses everywhere are evaluating their budgets and looking for strategic opportunities to invest...
What are managed services - Intrust IT

What Are Managed Services? And What Are the Benefits?

Running a business in today’s tech-driven world means you need reliable IT infrastructure. But let’s be honest, managing IT in-house...
Windows 10 End of Life How This Could Impact Your Business - Intrust IT

Windows 10 End of Life: How It Could Impact Your Business

As Microsoft officially plans to end support for Windows 10 on October 14, 2025, businesses need to begin thinking ahead....
AI implementation Roadmap Intrust IT

Master AI Integration With Our AI Implementation Roadmap Guide

AI is one of the greatest technological breakthroughs of the last few years. It has become our handy assistant, data...