Researchers at INKY warn that criminals are impersonating the US Department of Homeland Security to launch phishing scams.
The crooks are taking advantage of heightened emotions and tensions surrounding the Trump Administration’s deportation efforts.
Some of the phishing emails reference a recent executive order on immigration, while others attempt to trick users into believing they have a stake in unclaimed funds.
The phishing sites are designed to filter out security crawlers and researchers, making them more likely to reach users who will fall for the scam.
“When we visited the link associated with the first example, departmentimmigration[.]info, it actually redirected us to the official website of the U.S. Citizenship and Immigration Services which is a department within DHS,” INKY explains.
“When we tried the second link, departmentimmigration[.]life, we were greeted with a 403 Forbidden message which means that the server understood the request but was refusing to fulfill it. Because of this, we believe that this phishing campaign could be a targeted phishing technique often referred to as host-based cloaking or IP-targeted phishing. This type of attack ensures that only users from a specific hostname, IP range, or even device fingerprint see the malicious content.”
INKY says users should be on the lookout for red flags associated with phishing emails, especially regarding emails designed to convey a sense of urgency.
“Be leery of links and look closely at the domains,” the researchers write. “Official U.S. government domains usually end in .gov or .mil rather than .com or another suffix. In this case, it should be a red flag to the email recipients that none of these sender email addresses, domains, or links came from an address that ended in .gov or .mil.”
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
INKY has the story.
