Phishing spoofs US Federal Reserve to steal online bank accounts

Scammers have been sending out emails that impersonate the U.S. Federal Reserve and lure recipients with financial relief options through the Payment Protection Program.

This phishing theme is becoming common these days as the U.S. government is offering funding options to citizens and businesses to overcome the problems created by the new coronavirus outbreak.

The pandemic put tens of millions of Americans in a rough financial spot and cybercriminals are now taking advantage of the situation in an attempt to drain their bank accounts.

IBM X-Force published a report on Thursday saying that they’ve spotted multiple spam campaigns impersonating the U.S. Small Business Administration and promising government relief funds to the recipients.

Financial relief lure

Anti-phishing company Inky details a campaign with the same theme, which they describe as being “arguably the most sophisticated-looking phishing scam we’ve ever seen.”

“This scam combines a plausible-looking email purporting to be from US ‌Federal Reserve with a beautifully designed website offering to provide financial assistance” - Inky

The attackers are spoofing a legitimate program that is widely known among Americans. At least one bait email reached a potential victim in mid-April trying to collect credentials for logging into their online banking account.

email screenshot

Recipients accessing the link in the message land on a page with showing the logos for the Federal Emergency Management Agency (FEMA) and the Centers for Disease Control and Preventio‌n (CDC).


Read full article.