Security News > 2020 > October > Phishing attack spoofs IRS COVID-19 relief to steal personal data
2020-10-07 13:31
In this attack, the initial email promised an important update on the recipient's COVID relief funds to be disbursed to the person's address.
The initial email snuck past Microsoft 365 email security because it didn't follow the usual traits of traditional phishing attacks, according to Armorblox.
The email subject of "IRS Covid Relief Fund Update" and the sender's name of "Irs Covid Relief Funds" were both specific and related to important topics.
Like many phishing emails the message contains a few grammatical errors, such as the IRS not being capitalized in the sender's name.
The phishing page for this attack asked for personal information that the IRS would never ask for via email.
News URL
Related news
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Darktrace: 96% of Phishing Attacks in 2024 Exploited Trusted Domains Including SharePoint & Zoom Docs (source)
- Phishing attack hides JavaScript using invisible Unicode trick (source)
- FatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud Services (source)
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
- YouTube warns of AI-generated video of its CEO used in phishing attacks (source)
- Ukrainian military targeted in new Signal spear-phishing attacks (source)
- Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks (source)