Security News > 2020 > October > Phishing attack spoofs IRS COVID-19 relief to steal personal data
2020-10-07 13:31
In this attack, the initial email promised an important update on the recipient's COVID relief funds to be disbursed to the person's address.
The initial email snuck past Microsoft 365 email security because it didn't follow the usual traits of traditional phishing attacks, according to Armorblox.
The email subject of "IRS Covid Relief Fund Update" and the sender's name of "Irs Covid Relief Funds" were both specific and related to important topics.
Like many phishing emails the message contains a few grammatical errors, such as the IRS not being capitalized in the sender's name.
The phishing page for this attack asked for personal information that the IRS would never ask for via email.
News URL
Related news
- Windows NTLM hash leak flaw exploited in phishing attacks on governments (source)
- Three Reasons Why the Browser is Best for Stopping Phishing Attacks (source)
- Phishing detection is broken: Why most attacks feel like a zero day (source)
- DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack (source)
- Low-tech phishing attacks are gaining ground (source)
- MintsLoader Drops GhostWeaver via Phishing, ClickFix — Uses DGA, TLS for Stealth Attacks (source)
- Focused Phishing: Attack Targets Victims With Trusted Sites and Live Validation (source)
- CTM360 Identifies Surge in Phishing Attacks Targeting Meta Business Users (source)
- Polymorphic phishing attacks flood inboxes (source)
- How to Detect Phishing Attacks Faster: Tycoon2FA Example (source)