Phishing Schemes cause confusion with Virginia Small Business and Supplier Diversity (SBSD) Email Communications
Apr 29, 2020
Over the past two weeks the SBSD has sent email notifications related to reports of phishing schemes from hackers who are seeking to take advantage of the COVID-19 Pandemic.

Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords, and credit card details, often for malicious reasons, by posing as a trustworthy entity in an electronic communication (e.g. email, direct message, SMS, etc.).

In both of the phishing emails, the senders tried to spoof the SBSD's domain name by sending from [email protected] and [email protected].

SBSD Phishing Email # 1:

In the first referenced case the subject was "Invitation to Bid".  It should be noted that the Department of Small Business and Supplier Diversity "has no involvement in the Bidding or Procurement process".

  Sender: Virginia Department of Small Business and Supplier Diversity (SBSD) <[email protected]>

  Subject: INVITATION TO BID

  Red Flag: SBSD has no involvement in the Bidding or Procurement process.

Below is a copy of the message as provided by SBSD:

*******************************************
From: "Virginia Department of Small Business and Supplier Diversity (SBSD) " <[email protected]>
Subject: INVITATION TO BID
Dear Vendor
A bid was just posted matching one of your selected bid category numbers.
----> PRE-PROPOSAL CONFERENCE INFO <----
Mandatory: NO -- The lead entity does NOT require any prospective bidder tobe in attendance at the pre-proposal conference meeting for their bid to be considered.
Conference Date: 04/30/2020
Conference Time: 2:00 PM Eastern Daylight Time
Location: City of Virginia, 101 N. 14th Street, 11th Floor
Richmond,  VA 23219 USA

Bid Openings

Note: Bids and bidders are subject to examination. Amounts and ranking may change in accordance with City of Virginia Standard Specifications-- Section 102 “Bidding Requirements and conditions” and Section 103 “Award and Execution of Contract.”

Use the below link to view all active contracts available for bids. (2020 Opening Bids)Conference Document: NO.541327609

----> RETRIEVE BID <--CLICK HERE to view these bid documents.

Thank you for your interest in Virginia Statewide Purchasing.
This email originated from:
City Services -Virginia Department of Small Business and Supplier Diversity (SBSD) [email protected]
*******************************************

SBSD Phishing Email # 2:

In the second phishing attempt the sender appeared as "[email protected]" and the subject displayed as "Virginia Certification Update".  This attempt shows that the scammers learned from their previous attempt, providing more relevant content as the email's subject.  As scammers adapt so should you.

  Sender: <[email protected]>

  Subject: Virginia Certification Update 

Below is a copy of the message as provided by SBSD:

*******************************************
Sent: Wednesday, April 29, 2020
Subject: Virginia Certification Update
You have a message from the Virginia Department of Small Business Services Certification Unit. Please click here to view the attached document for additional details. Should you have any questions, please contact us at 804- 785-6185 or [email protected]
Virginia is committed to providing you with excellent customer service. This commitment extends to routine agency inspections, which are necessary to protect the public's health and safety. The Business Owners Bill of Rights ensures that business owners are provided prompt, efficient and easily accessible services.
To view the Business Owners Bill of Rights click here.
*******************************************

As a result SBSD sent out an email on April 29th, 2020 with the following guidance:

To validate that emails are coming from the Commonwealth of Virginia and to better filter out phishing attacks like this, you may choose to turn up your email security with SPF and DKIM checking. Please contact your email provider or your support department on how to enable these options.

As a Subject Matter Expert in Email Authentication and DNS Management as well as being a Constant Contact Certified Solutions Provider (Constant Contact being the email marketing platform SBSD uses) I do not believe it is fair for SBSD to place the burden entirely on the end users who are actually the targets and in some cases victims of these phishing attacks.  SBSD and other government agencies should steer away from using cheap solutions like WordPress and instead utilize Virginia Small Business providers like Insercorp who understand the importance of properly setting up SPF, DKIM, and DMARC records. 
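
As an added illustration of the recipient-side SPF and DKIM checking mentioned in the SBSD guidance (this is not code from SBSD or Insercorp), the Python sketch below reads the `Authentication-Results` header that a receiving mail server stamps on a message and lists red flags. The server id `mx.recipient.example`, the domain `agency.example` and the sample messages are constructed placeholders; the lookalike-domain case goes beyond the two emails shown above to show why a passing SPF or DKIM result alone does not prove who the sender is.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.recipient.example"  # assumption: id your own inbound server stamps
EXPECTED_DOMAIN = "agency.example"         # placeholder for the agency's real sending domain
BRAND = "sbsd"                             # name the display-name check looks for

def auth_results(msg):
    """Collect spf/dkim/dmarc results, only from headers our own server added."""
    results = {}
    for raw in msg.get_all("Authentication-Results", []):
        authserv, _, rest = " ".join(str(raw).split()).partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # a header with any other id may have been written by the sender
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest):
            results.setdefault(method, result.lower())
    return results

def assess(raw_message):
    """Return the red flags found in one raw message (empty list: none found)."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    res = auth_results(msg)
    flags = []
    if res.get("dmarc") != "pass":
        flags.append("dmarc-" + res.get("dmarc", "missing"))
    if "pass" not in (res.get("spf"), res.get("dkim")):
        flags.append("no-spf-or-dkim-pass")
    if BRAND in display.lower() and domain != EXPECTED_DOMAIN:
        flags.append("display-name-domain-mismatch")
    return flags

# Constructed messages; every domain below is a placeholder.
GENUINE = (
    "Authentication-Results: mx.recipient.example; spf=pass; dkim=pass; dmarc=pass\n"
    'From: "Agency Newsletter (SBSD)" <news@agency.example>\nSubject: Update\n\nHello\n')
SPOOFED = (
    "Authentication-Results: mx.other.example; spf=pass; dkim=pass; dmarc=pass\n"
    "Authentication-Results: mx.recipient.example; spf=fail; dkim=none; dmarc=fail\n"
    'From: "Department (SBSD)" <bids@agency.example>\nSubject: INVITATION TO BID\n\nDear Vendor\n')
LOOKALIKE = (
    "Authentication-Results: mx.recipient.example; spf=pass; dkim=pass; dmarc=pass\n"
    'From: "Department (SBSD)" <bids@agency-mail.example>\nSubject: Update\n\nHello\n')

if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("spoofed", SPOOFED), ("lookalike", LOOKALIKE)):
        print(name, assess(raw))
```

These results are only meaningful if the sending domain publishes SPF, DKIM and DMARC records for the receiving server to evaluate, which is the sender-side setup referred to above.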

Tim Bradshaw
Founder & CEO
Tim Bradshaw is the Founder and CEO of Insercorp LTD.