Back to All Attacks
Attack Date: May 11, 2022
Bid Proposal Credential Phishing Attack
This link-based attack impersonates an external third party using an external compromised account and a bid proposal theme to steal credentials.
Email Content
Subject
NEW BID INVITATION FROM [IMPERSONATED THIRD PARTY NAME]
Body
Good morning,
[Impersonated Third Party Name] is respectfully requesting your company submit a proposal for the attached scope of work. You will find the scope of work and bid set plan along with specific sizing documents associated with this project, please see the link below to view bid:
REVIEW BID PROPOSAL HERE
To those who perform in multiple divisions; quotes for multiple areas of work are welcomed and encouraged. However, please provide separate estimates for each division or area of work that you plan to quote.
Should you have any questions please do not hesitate to reach out to me directly.
Thank you,
Kind regards,
[Impersonated Third Party Employee Name]
[Impersonated Third Party Employee Title]
[Impersonated Third Party Name]