
In this attack, attackers impersonate a message from the United States government, claiming to provide information on the Paycheck Protection Program in an attempt to steal valuable credentials.

Summary of the attack target

  • Platform: Office 365
  • Mailboxes: Less than 10,000
  • Bypassed Email Gateway: Proofpoint
  • Victims: Employees
  • Payload: Link
  • Technique: Impersonation

What was the attack?

1) Setup: Fraudulent actors continue to capitalise on the ongoing pandemic by intercepting information from the vulnerable as Congress extends the Paycheck Protection Program. This attack features an instance where attackers carefully craft an impersonated government message to phish for credentials.

2) Email Attack: In this attack, the recipient receives an email from what appears to be the government, sent using a spurious domain. However, the domain is registered to an owner in Torino, IT, which should be an immediate red flag, as the email claims to provide information for a US-based program. The body of the message claims to provide continued financial relief aid and directs the recipient to the embedded link to learn more. Upon following the link, the recipient is led to a page that poses as a PPP loan qualification form.

3) Payload: The email’s body contains a brief statement regarding Congress’s extension of PPP along with a link to an application form that claims to be a World Trade Finance PPP 2021 Data Collection form. Within the form, the recipient is expected to enter sensitive information including their business legal name, full name, business email, date of birth, social security number, and more.

4) Result: If recipients fall victim to the phishing ploy and enter their credentials, they provide attackers with confidential information that would expose their business to fraudulent activity.

Why was this attack effective?

Convincing landing page: The email seems convincing because its domain contains “gov”, leading the recipient to believe this is a legitimate message from the government. Further, the email is signed as the President of the World Trade Finance organisation, in an attempt to legitimise it.

Widespread Attack: The attack was sent to a large number of recipients, increasing the chances of someone falling prey.
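The "gov"-in-the-domain trick described above can be screened for at the mail layer. The following is an added example, not code from the original write-up: it flags a sender domain that contains "gov" without sitting under the real .gov top-level domain, and a PPP-themed message whose links leave .gov. The sample message, all hosts, and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message; every address and host is a placeholder.
SAMPLE = """\
From: World Trade Finance <info@relief-gov.example>
To: employee@corp.example
Subject: Paycheck Protection Program extension

Congress has extended PPP. Complete the data collection form:
https://forms.example/ppp-2021
"""

PROGRAM_TERMS = re.compile(r"paycheck protection program|\bppp\b", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"']+")

def is_real_gov(host: str) -> bool:
    """True only when the host sits under the .gov top-level domain."""
    host = host.lower().rstrip(".")
    return host == "gov" or host.endswith(".gov")

def gov_lookalike(host: str) -> bool:
    """'gov' appears in the name but the TLD is not .gov.
    Heuristic: a benign name such as 'governance' also matches, so score, don't block."""
    return "gov" in host.lower() and not is_real_gov(host)

def assess(raw: str) -> list[str]:
    """Return the reasons a message looks like US government impersonation."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    body = msg.get_payload()  # single-part text message assumed
    text = f"{msg.get('Subject', '')}\n{body}"
    reasons = []
    if gov_lookalike(sender_host):
        reasons.append(f"sender domain {sender_host} contains 'gov' but is not under .gov")
    if PROGRAM_TERMS.search(text):
        for url in URL_RE.findall(body):
            host = urlparse(url).hostname or ""
            if not is_real_gov(host):
                reasons.append(f"US program mentioned, link goes to non-.gov host {host}")
    return reasons

if __name__ == "__main__":
    for reason in assess(SAMPLE):
        print(reason)
```

A registrant-country check like the Torino, IT observation needs a WHOIS/RDAP lookup and is left out so the example runs offline.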
