Security News > 2021 > April > Tax Phish Swims Past Google Workspace Email Security

Tax Phish Swims Past Google Workspace Email Security
2021-04-13 18:29

A W2 tax email scam is circulating in the U.S. using Typeform, a popular software that specializes in online surveys and form building.

According to Armorblox, the campaign also bypasses native Google Workspace email security filters in the victims it examined.

Researchers said that one of the most notable aspects of the campaign is its ability to skirt around email defenses, including native Google Workspace email security.

"The email title, content and context aimed to induce a sense of fear and urgency in the victims. By using tax and deadline-related anxieties that beset the best of us, attackers hope that victims click before they think," researchers explained.

They added, "The email includes a link that says 'Learn about messages protected by Office 365' that leads to a real Microsoft-hosted page with security information. Attackers often include such signifiers in emails to lull victims into a false sense of security."

"If an email does make it into the inbox, then go to the website and call the number to check if it is authentic and do not call the number if provided within the email as, most likely, it is fake also," he advised.


News URL

https://threatpost.com/tax-phish-google-workspace-email-security/165376/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Google 102 256 4320 4678 741 9995