Active Invitation to Bid Phishing Alert

Invitation to Bid Phishing Alert Cincinnati

Phishing Alert: We have observed an active phishing actor who has been compromising many companies in the Cincinnati area. After compromising a user’s email account, the attacker has been observed to look for sensitive information in the mailbox and then send out a mass email from the victim’s account with a link pointing to a phishing site hosted by the attacker used to steal additional users’ credentials.

Since January 20, 2022, prompting our phishing alert, we have seen many of our clients targeted by this threat actor, with the phishing emails coming from many different compromised companies in the Cincinnati area. In all the emails we have seen, the threat actor has been using very similar tactics and techniques to perform this attack.

From what we have seen so far, the subject of the phishing emails starts with “Invitation to Bid – : ” and then includes the compromised company name in the subject. For example, if Company A was compromised, the subject would be “Invitation to Bid – : Company A”.

The phishing email itself has a link pointing to an initial landing webpage, which itself is not harmful, but it contains a link to another site hosting a fake Microsoft login page, which is used to steal users’ credentials. The initial location of the landing page is hosted on a platform that has legitimate use cases, making it difficult for security teams to block without potentially impacting legitimate business operations.

Phishing Alert: Example Email

Invitation to Bid Phishing Alert Cincinnati Email Example

Example Initial Phishing Webpage

Invitation to Bid Phishing Alert Cincinnati Email Phishing Website

Look-a-like Microsoft Webpage

Invitation to Bid Phishing Alert Cincinnati Email Phishing Microsoft Website
Posted in
Chaim Black - Profile - Intrust IT Support Cincinnati

Chaim Black

Chaim Black is a Cyber Security Analyst, providing a full scope of IT and cybersecurity services to a wide range of businesses, municipalities and manufacturing plants.

Share this Blog

Enterprise Password Management Promo Wide

Is Your Name or Birthday a Part of Your Password?

If so, you’re a part of the 59 percent of people who don’t follow proper password hygiene. More than 70 percent of passwords are used for more than one system, meaning if cybercriminals crack one, they can access a lot more accounts.

Our free Enterprise Password Management Guide will give you the best password hygiene practices to help you secure your computer and your business.

Download the Guide

Explore the Latest Trends in IT

AI implementation Roadmap Intrust IT

Master AI Integration With Our AI Implementation Roadmap Guide

AI is one of the greatest technological breakthroughs of the last few years. It has become our handy assistant, data...
9 days on a cruise - Intrust IT

Redefining Culture in IT Companies: Nine Days Away on an American River Cruise

What would you do with nine days away from your keyboard? Would you take a relaxing vacation? Or spend time...
National Public Data Breach- Intrust IT

Was Your SSN Leaked? Understanding the Impact of a National Public Data Breach

A recent national public data breach has sent shockwaves through the country, exposing the sensitive data of millions of Americans....
What are Managed IT Services A Simple Guide Intrust IT

What Are Managed IT Services? A Simple Guide

Whether you are a part of a large corporation or a smaller business, you likely have run into IT issues...
Why Is Cybersecurity Important For Protecting Your Business - Intrust IT

Why Is Cybersecurity Important? What You Need to Know 

We are all more connected to technology than ever before. Businesses simply can’t succeed without using technology. However, this increased...
What Is Cybersecurity And Why Is It Important To Your Business?

What Is Cybersecurity? What Do You Need to Know?

Our world is more connected to the internet than ever, meaning more and more of our personal data is online....