Phishers are targeting would-be tenderers to the Department of Infrastructure and Regional Development with an email and fake AusTender landing page.
The campaign, reported by threat intelligence firm Anomali, was designed “to lure users into disclosing their account credentials by registering for eligibility to bid on commercial projects in 2019,” the firm said in a blog post.
The email invites recipients to login to the fake AusTender site in order to register to participate in “sealed tenders”.
“To invoke a sense of urgency, the site claims that the deadline for tender submissions is no later than January 28th, 2019,” Anomali said.
“At this time there are no known compromises; however, it would be advisable for individuals and companies interested in pursuing government contracts be wary of unsolicited emails claiming to be from the Australian Government Department of Infrastructure and Regional Development.
“It would also be prudent for all government entities to ensure adequate messaging is presented to make prospective bidders aware of the correct procedures when applying for tenders or bids and provide relevant security warnings of such illegitimate phishing scam campaigns.”
Coinciding with the timing that Anomali said it observed the campaign in action, the department issued a scam notification of its own.
It said it had reported the campaign to the Australian Cybercrime Online Reporting Network (ACORN) and to the ACCC-run Scamwatch.