Scammers are using news reports about stimulus checks and the COVID-19 vaccine to gain access to bank and email accounts.
A report from Virginia-based email security firm Cofense details an elaborate scam that impersonates the IRS to install the Dridex banking trojan on PCs. The lure is the Biden stimulus bill that just started putting $1,400 checks in people's bank accounts.
Meanwhile, phishing campaigns using the word "vaccine" in the subject line doubled from January to March, according to GreatHorn, a Boston-area e-mail security firm. As something to watch out for, they cite examples of common phishing e-mails.
These malicious efforts are a reminder to be very wary of offers and news delivered via email, social media, and instant messaging, especially if the offer looks too good to be true.
The Cofense example certainly fits the "too good to be true" bill. Entitled "The President's Rescue Plan Paper," the e-mail message promises a "$4,000 stimulus package" from the IRS, an increase in the minimum wage, the ability to skip the immunization line, "free meals," and more.
It references the real American Rescue Plan Act and concludes hilariously with the words "Concern for America's Future, US Federal Government."
All you have to do is fill out the form online.
But clicking that button downloads an Excel spreadsheet that looks like an application form. You can't actually fill out the form yet, though.
A dialog box appears instructing you to click "Enable content" to review it.
Oh, you really shouldn't do that. Clicking "Enable content" unlocks a hidden macro in the Excel spreadsheet that abuses a built-in Windows process to download and install a Dridex banking Trojan. This Trojan is a piece of malware specifically designed to infiltrate your online bank account and empty it.
Eagle-eyed e-mail recipients may recognize the scheme by looking at the sender's e-mail address: "rescue_plan@federa1lrs.gov". This address has the number "1" where the "L" in "federal" should be and a lowercase "L" where the "I" in "IRS" should be.
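The character swaps in that sender address are the kind of thing a mail filter can catch mechanically. The following is an added example, not code from the article, Cofense or GreatHorn: it normalizes commonly confused characters ("1" and "i" to "l", "0" to "o", and so on) and flags a sender domain that imitates a trusted one, using the article's "federa1lrs.gov" address against an assumed allowlist containing irs.gov. The confusable table is a constructed, deliberately short one.

```python
import re

# Constructed, non-exhaustive list of character swaps seen in lookalike domains.
# Multi-character pairs come first so "rn" collapses to "m" before single swaps run.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("1", "l"), ("i", "l"), ("|", "l"),
               ("0", "o"), ("5", "s"), ("3", "e")]

# Assumed allowlist of domains the organisation actually expects mail from.
TRUSTED_DOMAINS = {"irs.gov"}


def skeleton(text: str) -> str:
    """Collapse visually confusable characters so lookalikes compare equal."""
    s = text.lower()  # uppercase "I" becomes "i", which then maps to "l"
    for src, dst in CONFUSABLES:
        s = s.replace(src, dst)
    return s


def sender_domain(address: str) -> str:
    """Extract the domain part of an e-mail address; reject malformed input."""
    m = re.fullmatch(r"[^@\s]+@([^@\s]+)", address.strip())
    if not m:
        raise ValueError(f"not an e-mail address: {address!r}")
    return m.group(1).lower()


def classify_sender(address: str, trusted=TRUSTED_DOMAINS) -> str:
    """Return 'trusted', 'lookalike' or 'unrelated' for a sender address.

    A domain is a lookalike when its skeleton equals a trusted domain's
    skeleton ("1rs.gov"), or when the trusted brand label is embedded in the
    sender's label under the same TLD ("federa1lrs.gov" imitating irs.gov).
    The embedded-label rule is a heuristic and can over-flag, so treat a
    'lookalike' verdict as a reason to quarantine and review, not to block.
    """
    domain = sender_domain(address)
    if domain in trusted:
        return "trusted"
    sender_sk = skeleton(domain)
    sender_label, _, sender_tld = sender_sk.rpartition(".")
    for t in trusted:
        t_sk = skeleton(t)
        brand, _, tld = t_sk.rpartition(".")
        if sender_sk == t_sk or (sender_tld == tld and brand in sender_label):
            return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    for addr in ["rescue_plan@federa1lrs.gov", "notices@irs.gov", "news@example.com"]:
        print(addr, "->", classify_sender(addr))
```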
If you have been following Tom's Guide's excellent coverage of the stimulus package, you know that the real stimulus is $1,400 per person, not $4,000; that the minimum wage provision was not included in the final bill; and that the American Rescue Plan Act does not guarantee a better place in the vaccine line or free meals.
GreatHorn's example of a vaccine-related phishing email is not genuine, but a general approximation of what you might expect to see. The example begins by promising information about "Covid-19 vaccination and testing" in the form of a linked PDF.
Clicking on the link brings up what looks like a Microsoft Office 365 login window. This login window is intended to steal your Microsoft login credentials and access your Microsoft account.
In a bit of security theater, the login window may even make you do one of those "click on the picture containing the car" puzzles to prove that you are a human and not a computer algorithm.
But at that point the damage is done. While you are trying to figure out which image contains a car, a mountain, or a traffic light, the bad guys are logging into your account and reading your emails.