Threat Alert: USDA-Themed Lures Harvest Email Credentials

• Cybercriminals have launched a series of phishing attacks impersonating the U.S. Department of Agriculture (USDA).
• The lures imitate a USDA invitation to bid on ongoing government projects. They include a malicious PDF attachment containing embedded URLs and a QR code. 
• While the lures imitate the USDA, the email sending address does not match. Additionally, the email attachments reference the “USDOA” instead of the proper USDA naming convention.      
• Clicking on either the embedded lures or QR code lead to an imitation USDA website that ultimately harvests Microsoft Office 365 login credentials. 

Key Actions (at Work and at Home)

• Go beyond surface clues. Familiar logos, branding, and names are not automatic indicators that an email or website is safe. Cybercriminals often imitate well-known organizations.     
• Remain alert to phishing indicators. Mismatches between sending addresses and an organization’s name is always a warning sign.
• Treat QR codes with caution. While many of us have gotten comfortable with using QR codes, remember they can be used by attackers to direct you to dangerous websites.     
• Report ANY suspicious emails using the Phish Alarm button. Remember: Our organization occasionally sends phishing simulations.