Phishing spoofs US Federal Reserve to steal online bank accounts
Scammers have been sending out emails that impersonate the U.S. Federal Reserve and lure recipients with financial relief options through the Payment Protection Program.
This phishing theme is becoming common these days as the U.S. government is offering funding options to citizens and businesses to overcome the problems created by the new coronavirus outbreak.
The pandemic put tens of millions of Americans in a rough financial spot and cybercriminals are now taking advantage of the situation in an attempt to drain their bank accounts.
IBM X-Force published a report on Thursday saying that they’ve spotted multiple spam campaigns impersonating the U.S. Small Business Administration and promising government relief funds to the recipients.
Financial relief lure
Anti-phishing company Inky details a campaign with the same theme, which they describe as being “arguably the most sophisticated-looking phishing scam we’ve ever seen.”
“This scam combines a plausible-looking email purporting to be from US Federal Reserve with a beautifully designed website offering to provide financial assistance” - Inky
The attackers are spoofing a legitimate program that is widely known among Americans. At least one bait email reached a potential victim in mid-April trying to collect credentials for logging into their online banking account.
Recipients accessing the link in the message land on a page with showing the logos for the Federal Emergency Management Agency (FEMA) and the Centers for Disease Control and Prevention (CDC).
The site looks pretty convincing, announcing that individuals can get an economic impact payment of up to $1,200, double that for married couples, and $500 per child for parents. Inky researchers found that the website was registered on April 16 via Namecheap.
If the recipient chooses to get the “economic impact payment,” they get a drop-down menu with a list of almost two dozen banks to choose from.
Long list of banks
In the next step, the scammers show a login box for the selected bank that includes the official logo. The list of banks includes Wells Fargo, Chase, Bank of America, Citibank, Capital One, Scotia, Compass, SunTrust, Fifth Third, M&T, Santander, the Navy Federal Credit Union.
After typing in the credentials, the victim gets an error message saying that they provided the wrong data. In the background, the info is sent to the attacker.
Inky researchers say that the threat actor has put in some effort to make the whole scam look legitimate. They used stock images and the real FAQ section from the IRS Economic Impact Payment site.
Given the pandemic, this sort of threats are not going to subside soon. Users should exercise caution with messages that promise economic relief during this period. Getting information from official sources and not from links received over emails announcing news that is too good.
Gloss