Security News > 2020 > October > Phishing attack spoofs IRS COVID-19 relief to steal personal data
In this attack, the initial email promised an important update on the recipient's COVID relief funds to be disbursed to the person's address.
The initial email snuck past Microsoft 365 email security because it didn't follow the usual traits of traditional phishing attacks, according to Armorblox.
The email subject of "IRS Covid Relief Fund Update" and the sender's name of "Irs Covid Relief Funds" were both specific and related to important topics.
Like many phishing emails the message contains a few grammatical errors, such as the IRS not being capitalized in the sender's name.
The phishing page for this attack asked for personal information that the IRS would never ask for via email.
News URL
Related news
- Midnight Blizzard Escalates Spear-Phishing Attacks On Over 100 Organizations (source)
- Windows infected with backdoored Linux VMs in new phishing attacks (source)
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- GenAI makes phishing attacks more believable and cost-effective (source)
- CERT-UA Warns of Phishing Attacks Targeting Ukraine’s Defense and Security Force (source)
- Inside the incident: Uncovering an advanced phishing attack (source)
- Ongoing phishing attack abuses Google Calendar to bypass spam filters (source)