Security News > 2020 > October > Phishing attack spoofs IRS COVID-19 relief to steal personal data
2020-10-07 13:31
In this attack, the initial email promised an important update on the recipient's COVID relief funds to be disbursed to the person's address.
The initial email snuck past Microsoft 365 email security because it didn't follow the usual traits of traditional phishing attacks, according to Armorblox.
The email subject of "IRS Covid Relief Fund Update" and the sender's name of "Irs Covid Relief Funds" were both specific and related to important topics.
Like many phishing emails the message contains a few grammatical errors, such as the IRS not being capitalized in the sender's name.
The phishing page for this attack asked for personal information that the IRS would never ask for via email.
News URL
Related news
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- GenAI makes phishing attacks more believable and cost-effective (source)
- CERT-UA Warns of Phishing Attacks Targeting Ukraine’s Defense and Security Force (source)
- Inside the incident: Uncovering an advanced phishing attack (source)
- Ongoing phishing attack abuses Google Calendar to bypass spam filters (source)
- OneBlood confirms personal data stolen in July ransomware attack (source)
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)