Cybercriminals looking to steal personal information are baiting U.S. citizens with emails purporting to be from government agencies offering federal assistance.
Bad actors are sending out messages purporting to be from federal government entities offering financial aid or unemployment assistance during the pandemic.
Personal data and credentials
The purpose of the phishing campaigns is to collect personal data that could be used for identity theft or usernames and passwords that could be used for credential stuffing attacks.
For one malicious message, email protection company Inky says that the cybercriminals lured victims with a fake government program that offers up to $5,800 in cash payments.
The link to the program looks suspicious but clicking on it leads to a “hijacked domain that impersonates the U.S. federal government,” Inky says in a report today.
A form on the malicious site first asks the victim for their name and date of birth. Submitting it opens a second form that asks for additional information, including the Social Security number, driver’s license, address, postal code, state, phone number, and email address.
With all the data filled in, the crooks thank the victim for the input and leave the promise to contact them “as soon as possible.”
A second phishing email is an alert for suspicious activity. It impersonates the Pandemic Unemployment Assistance (PUA) program, which is managed by each state, so the fact that the message appears to come from the federal government should be a red flag.
Just like in the previous message, the link in this email leads to a page hosted on a domain that had been compromised.
The information requested here is the victim’s username and password. After submitting the data, the victim is redirected to the genuine Unemployment Insurance Relief program from the U.S. Department of Labor.
“These are just two examples of phishing attacks tailored to today’s headlines. The pitches are designed to prey on the anxieties of ordinary people, who are unlikely to notice the slight discrepancies, misspellings, and odd link names until it is too late” – Inky