Threat Advisory – Phishing Campaign Mimicking Primacy Agency Data Validation Request Resurfaces

In August, WaterISAC reported on a phishing campaign pretending to be from the Massachusetts Department of Environmental Protection (EPA Region 1). The campaign was specifically targeting utilities in Massachusetts with a request to verify the PWS information that the threat actor included in the email. For details from the initial campaign, visit the WaterISAC Resource Center post, Threat Advisory – Current Phishing Campaign Mimics a Primacy Agency Data Validation Request.

New activity: WaterISAC has been made aware of a nearly identical campaign during the past week impacting multiple EPA Regions, including another attempt at targeting Region 1 water utilities. Consequently, MassDEP distributed a Phishing Alert to its constituents stating, “On January 09, 2023, multiple PWS received a phishing email asking them to verify/update their PWS information by clicking on a link. The attackers in this email used the Commonwealth of Massachusetts seal to give the phishing email the appearance of legitimacy.”

Additional Resource

• Targeted Email Account Compromise Phishing Incidents Continue Against U.S. Water and Wastewater Utilities (WaterISAC)

Incident Reporting
WaterISAC encourages any members who have experienced malicious or suspicious activity to email an*****@*******ac.org, call 866-H2O-ISAC, or use the online incident reporting form.