A new email attack promises to provide COVID-19 relief funds by way of the IRS, but steals victims’ personal data instead.
Researchers have discovered a new phishing attack from scammers impersonating the IRS. Using personalized details (such as first and last name), the email promises to provide an update on COVID-19 relief funds that will make its way to the victim’s bank account.
The email then links out to a Sharepoint (a Microsoft tool) form that asks for tax ID numbers, Social Security Numbers, and even driver’s license numbers before being able to access the relief funds document.
Unfortunately, the form, while legitimate is used to harvest victims’ information on behalf of the scammers.
The phishing email can be effective for a couple of reasons. They impersonate the IRS, who, presumably, would have the authority to ask for such personal information. Because the email offers the promise of funds, it’s immediately enticing. Lastly, the form URL is an actual Sharepoint link—hackers were able to exploit an existing medical organization’s account—meaning traditional spam and/or malware blockers wouldn’t flag the link as problematic or malicious.
Whenever you’re asked to divulge sensitive information, especially over what seems to via an unsecured manner (such as a simple form on a page). The IRS and major federal agencies also take special care whenever asking you for this information so always be wary when you’re asked to provide those details over the phone or the internet.
Look at the details.
As the researchers have noted, the email itself has some grammatical errors and there are instances where IRS wasn’t capitalized. Phishing emails usually have some giveaway, whether it’s incorrect grammatical, strange turn of phrases, or some other that seems off. Always err on the side of caution here.
To learn more about this phishing attack, visit TechRepublic.