Quote:Cybercriminals have wasted no time in hopping on the American Rescue Plan – the COVID-19 relief legislation just signed into law – as a lure for email-based scams.
According to researchers at Cofense, a campaign began circulating in March that capitalized on Americans’ interest in the forthcoming $1,400 relief payments and other aid. The emails impersonate the IRS, using the agency’s official logo and a spoofed sender domain of IRS[.]gov – and claim to offer an application for financial assistance. In reality, the emails offer the Dridex banking trojan.
The email says, “It is possible to get aid from the federal government of your choice” and then offers “quotes” for a pie-in-the-sky litany of great (and nonexistent) things – such as a $4,000 check, the ability to “skip the queue for vaccination” and free food.
There’s a button that says, “Get apply form” – if clicked, users are taken to a Dropbox account where they see an Excel document that says, “Fill this form below to accept Federal State Aid.” However, to see this supposed IRS form in its entirety, victims are prompted to enable content. If they do, they trigger macros that set off the infection chain indirectly, according to Cofense.
Read more: $4,000 COVID-19 'Relief Checks' Cloak Dridex Malware | Threatpost
![[-]](https://www.geeks.fyi/images/collapse.png)
