Scam emails involve stimulus checks
This year, Americans abroad will see a host of stimulus, medical, and unemployment benefits to get them back on track to a sense of normalcy. A widespread economic relief package has started its deployment and will provide a small level of financial aid to people in need, especially those affected by COVID-19.
The package has various benefits, such as an extension of unemployment payments. But, most headline grabbers circle around the direct economic stimulus. Valid recipients will see an injection of $1400 in their bank accounts, or by check. Or, if they didn’t receive previous benefits, can claim that on their taxes, along with tax returns. The long and short is pretty simple: money.
However, this is a critical and anxious time for thousands of people. When will they get their money? How can they track it? Did they provide the correct information? It’s questions like these that give malicious actors a bedrock to build malware campaigns on.
The threat environment
Referred to as the American Rescue Plan, the bill is a direct relief payment (and other benefits) for Americans in need. Culprits have wasted no time in taking advantage of this, launching various email scams to take advantage.
Emails surrounding the scam typically involve the “release” of the stimulus payment. Naturally, this subject alone is a stressful subject, especially for those who may still be waiting for their payment. Additionally, for those that did not receive stimulus payments before and will receive it as part of a tax credit, the misinformation and confusion surrounding the release are what scammers rely on.
As for the messages, they also add details and impossibilities regarding the stimulus bill, such as choosing when to get it, and, an increased amount. Some emails even promise stimulus amounts of up to $4,000. For Americans in desperate need of assistance, no doubt this is an attractive sentiment. Some even have “information” about early COVID-19 vaccinations.
Of course, none of this is official, and predatory in nature.
The email anatomy
Like most phishing emails and social engineering schemes, the email message in question has several characteristics to remain aware of.
For example, it attempts to make use of “official imagery” to dupe users. In this instance, attempting to appear as an official email from the IRS. Cofense, the organization originally identifying this scheme, pointed out that users would receive an email from a fraudulent party. The message contains a link, redirecting a user to a dropbox which informs the user to download a PDF file with the “application information.”
Cofense explained that what makes this particular malware dangerous is its ability to avoid automated anti-virus detection. The macros, in this case, “drop an .XSL file to the disc.” Afterward, it takes advantage of windows services by exploiting Windows Management Instrumentation to gather data about the infected machine/network.
This allows the compromised tool to “ask” things about the system, such as what software and defense tools it has. From there, the tool also allows the shell to download malware, circumventing any anti-malware suites.
Avoiding a costly error
Naturally, no one wants to fall victim to this type of attack, especially if they’re in need. Avoiding phishing scams, however, is relatively simple, only requiring recipients to be extra careful about messages they receive. A few key tips to follow can prevent successful phishing breaches:
- Double-check the sender’s email address
- Never click on links provided in an email unless you’re certain who the sender is
- Avoid downloading files or “logging in” to websites from an email link
- If you follow the link in a message, double-check the HTML address, as fraudulent ones will typically involve falsified names
- Always express caution, especially if an email contains content/offers that’s “too good to be true”
Like we always stress, remain cautious. You’ll lose nothing by second-guessing emails and double-checking the content.
If you’re still concerned about these issues, however, you can get help. Contact Bytagig today to learn what we can do for you.
