The phishing page tries to obtain email credentials, Social Security numbers, driver’s license numbers, and tax numbers, says Armorblox.
Phishing campaigns continue to be a popular and pervasive method of cyberattack. By impersonating a well-known company or brand, cybercriminals typically look to capture sensitive information from unsuspecting users. A new phishing attack spotted by cybersecurity firm Armorblox exploits the IRS, the coronavirus, and SharePoint all in one fell swoop.
SEE: Social engineering: A cheat sheet for business professionals (free PDF) (TechRepublic)
In a blog post published Wednesday, Armorblox described this credential phishing campaign as one that hit several of its customers just a few days ago. In this attack, the initial email promised an important update on the recipient’s COVID relief funds to be disbursed to the person’s address.
Clicking the link to view a message about this update would take the user to a SharePoint form that had to be completed to obtain the full document. At that point, the form asked not only for email credentials but for a Social Security number, driver’s license number, and tax ID number. Of course, any such information entered into the form would then be captured by the criminals behind this campaign.
The initial email snuck past Microsoft 365 email security because it didn’t follow the usual traits of traditional phishing attacks, according to Armorblox.
The email contained the right type of language and content designed to elicit a quick response from a trusting recipient. The email subject of “IRS Covid Relief Fund Update” and the sender’s name of “Irs Covid Relief Funds” were both specific and related to important topics. Using the name of the IRS is designed to invoke an immediate action from the user. The