Security News > 2020 > October > Phishing attack spoofs IRS COVID-19 relief to steal personal data
In this attack, the initial email promised an important update on the recipient's COVID relief funds to be disbursed to the person's address.
The initial email snuck past Microsoft 365 email security because it didn't follow the usual traits of traditional phishing attacks, according to Armorblox.
The email subject of "IRS Covid Relief Fund Update" and the sender's name of "Irs Covid Relief Funds" were both specific and related to important topics.
Like many phishing emails the message contains a few grammatical errors, such as the IRS not being capitalized in the sender's name.
The phishing page for this attack asked for personal information that the IRS would never ask for via email.
News URL
Related news
- How Phishing Attacks Adapt Quickly to Capitalize on Current Events (source)
- Google raps Iran's APT42 for raining down spear-phishing attacks (source)
- Xeon Sender Tool Exploits Cloud APIs for Large-Scale SMS Phishing Attacks (source)
- Cybercriminals exploit file sharing services to advance phishing attacks (source)
- CERT-UA Warns of New Vermin-Linked Phishing Attacks with PoW Bait (source)
- How AitM Phishing Attacks Bypass MFA and EDR—and How to Fight Back (source)
- Novel attack on Windows spotted in phishing campaign run from and targeting China (source)
- Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks (source)
- Australian Organisations Targeted by Phishing Attacks Disguised as Atlassian (source)
- Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials (source)