Geeks for your information News Privacy & Security News v
IRS COVID-19 Relief Payment Deadlines Anchor Convincing Phish
IRS COVID-19 Relief Payment Deadlines Anchor Convincing Phish
silversurfer Offline
Staff Member
******
Posts: 3,885
Threads: 3,283
Thanks Received: 5,064 in 3,838 posts
Thanks Given: 6,200
Joined: 12 September 18
#1
Information  08 October 20, 12:18
Quote:A credential-phishing email campaign is making the rounds, using the lure of coronavirus tax relief to scam people into giving up their personal information.
 
The data-harvesting cybercriminals are looking to take advantage of the Internal Revenue Service (IRS) deadlines that are approaching for consumers who haven’t received an Economic Impact Payment. While most Americans got their one-time $1,200 payment in the spring, those who don’t usually file tax returns (such as those on Social Security) weren’t automatically included in that payout. These individuals have until Nov. 21 to register for their assistance check. Meanwhile, taxpayers who requested an extension of time to file their 2019 tax return have a deadline of October 15.
 
The emails purport to contain an important document about COVID-19 relief funds from the IRS. Clicking the link in the email leads readers to a SharePoint form that they were told to complete before accessing the document, according to Chetan Anand, co-founder and architect at Armorblox.
 
The SharePoint form asks for email credentials, Social Security numbers, driver license numbers and tax ID numbers.
 
The sneaky use of the SharePoint form as an interim step helped the emails get past email gateways, Anand noted, in a blog posted Wednesday.
 
“This email got past existing Office 365 email security controls because it didn’t follow the tenets of more traditional phishing attacks,” he wrote. “When victims clicked the link in the email, they were led to a SharePoint form that asked for email credentials along with a host of other personal information…Since the phishing link pointed to a legitimate SharePoint page, it got past any email security filters designed to block known bad domains. The familiar Microsoft branding on the page might also put victims’ minds at ease as they subconsciously buy into the legitimacy of the email. It’s worth noting the irony-laden footer asking people not to share passwords or give away personal information.”

Read more: https://threatpost.com/irs-covid-impact-...sh/159913/
[-] The following 2 users say Thank You to silversurfer for this post:
  • harlan4096, Toligo
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
CrystalDiskInfo 9.8.0 [2026/02/15]
9.8.0 ​ Removed...harlan4096 — 17:07
K-Lite Codec Pack 19.4.5 / 19.4.9 Update
Changes in 19.4.9 ...harlan4096 — 16:30
Brave 1.87.188 (Chromium 145.0.7632.76)
Release v1.87.188 ...harlan4096 — 16:29
Opera 127.0.5778.64
New update to Oper...harlan4096 — 16:28
INTEL Arc Graphics 32.0.101.8509 driver
INTEL Arc Graphics...harlan4096 — 16:27

[-]
Birthdays
Today's Birthdays
avatar (39)MezirLal
Upcoming Birthdays
avatar (38)showercurtains
avatar (49)PeterWhink
avatar (46)dimaWeami
avatar (39)TranoTymn
avatar (38)Michaelaburi
avatar (46)dpascoal
avatar (51)Ronaldduh
avatar (39)legalgauch
avatar (44)Baihu
avatar (27)RaseinsLikes

[-]
Online Staff
There are no staff members currently online.

>