The US elections have come and gone, but people should still be on the lookout for election-themed phishbait, according to Roger Kay at Inky. Emotions are still running high in the US, and cybercriminals always exploit hot-button issues to make people act irrationally.
Additionally, Kay expects to see a spike in phishing campaigns themed around the next stimulus package that’s been slowly making its way through the US Congress.
“[T]here is little doubt that the next lot of phishing threats will be related to the coming bout of stimulus being negotiated right now between Congress and the White House,” Kay writes. “It's a wave of phishing emails that is likely to feature prominent big bank logos, official-looking government documents, and lots of urgency, lest the recipient miss out on all the cash that’s going to be handed out.”
As an example of what to expect, Kay describes a phishing scam observed earlier this year that took advantage of the first stimulus bill.
“What enterprising phisher can turn down an opportunity to meddle when people are confined to their homes, forced to do transactions online, and anxious about money, particularly when $2 trillion is flowing through the banking system?” Kay asks. “The exceptionally well-crafted phishing emails appeared to be coming from the Federal Reserve System. In reality, they led to a Website with a convincing-sounding URL, listed ‘participating’ banks with real logos, and showed many other fine details that the hacker pulled from the sites of the U.S. Paycheck Protection Program (PPP), the Federal Emergency Management Agency (FEMA), and the Center for Disease Control (CDC) so as to convince the recipient that the message came from a legitimate source.”
While the themes of phishing campaigns are constantly changing to exploit current events, the underlying social engineering tactics remain the same. New-school security awareness training can help your employees recognize these tactics so they can thwart evolving phishing threats.
Inky has the story.
