Crooks Impersonate US Govt Agencies Offering Financial Aid

Cybercriminals looking to steal personal information are baiting U.S. citizens with emails purporting to be from government agencies offering federal assistance.

Bad actors are sending out messages purporting to be from federal government entities offering financial aid or unemployment assistance during the pandemic.

Personal data and credentials

The purpose of the phishing campaigns is to collect personal data that could be used for identity theft or usernames and passwords that could be used for credential stuffing attacks.

For one malicious message, email protection company Inky says that the cybercriminals lured victims with a fake government program that offers up to $5,800 in cash payments.

The link to the program looks suspicious but clicking on it leads to a “hijacked domain that impersonates the U.S. federal government,” Inky says in a report today.

Also Read: Best Privacy Certification: 3 Simple Steps On How To Achieve

A form on the malicious site asks the victim initially for their name and date of birth, to access another form that asks for additional info including the social security number, driver’s license, address, postal code, state, phone number, and email address.

With all the data filled in, the crooks thank the victim for the input and leave the promise to contact them “as soon as possible.”

A second phishing email is an alert for suspicious activity. It impersonates the Pandemic Unemployment Assistance (PUA) program, managed by each state. The fact that the message appears to come from the federal government should be a red flag.

Just like in the previous message, the link in this email leads to a page hosted on a domain that had been compromised.

The information requested here are the victim’s username and password. After getting the data, the victim is redirected to the genuine Unemployment Insurance Relief program from the U.S. Department of Labor.

Also Read: Computer Misuse Act Singapore: The Truth And Its Offenses

“These are just two examples of phishing attacks tailored to today’s headlines. The pitches are designed to prey on the anxieties of ordinary people, who are unlikely to notice the slight discrepancies, misspellings, and odd link names until it is too late” – Inky

Privacy Ninja provides GUARANTEED quality and results for the following services: 
DPO-As-A-Service (Outsourced DPO Subscription)
PDPA Compliance Training
P
DPA Compliance Audit
Dig
ital Transformation Consultancy
Data Protection Trustmarks Certification Readiness Consultancy

PDPA Data Protection Software
Vulnerability Assessment & Penetration Testing (VAPT)
Smart Contract Audit

Like & Subscribe:
Facebook
LinkedIn
Twitter
YouTube
Podcast

Categories: Scams

0 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *