A newly found phishing email campaign is impersonating U.S. government agencies that offer federal assistance for COVID-19 financial relief. The primary purpose of these new attacks is to harvest personal information or passwords from victims that could lead to identity theft and account takeover attempts. One of the messages was found by Inky, an email protection company, which reports that cybercriminals are luring victims with a false governmental program that offers up to $5,800 in cash payments. The link to the program appeared suspicious and lead to a “hijacked domain that impersonates the U.S. federal government” according to Inky. A form on the malicious site requires the victim’s date of birth and full name before being able to access another form that asks for additional information including the victim’s social security number, driver’s license number, full address, phone number, and email address. If the victim fills out the form, they are left with a message that promises to contact them “as soon as possible.” Another phishing email claims to be the Pandemic Unemployment Assistance (PUA) program which is managed by each state. The first suspicious indicator is that the email claims to be from the federal government instead of the individual state agency. Just like the first email, the initial link leads to a compromised domain. This email requests a victim’s username and password before it redirects the user to the legitimate relief program website.
12 Essentials for a Successful SOC Partnership
As cyber threats continue to impact businesses of all sizes, the need for round-the-clock security