Anew Phishing campaign has appeared which targets colleges and universities. The IRS has warned of scammers impersonating their service, who are targeting traditional educational institutions. The phishing attacks are carried out via email and attempt to lure the victims in with several methods, mostly through a tax refund promise. The campaign focuses on staff and students who are using a .edu email address.”The phishing emails appear to target university and college students from both public and private, profit and non-profit institutions,” the revenue service said.
The attacks were first noted by Abnormal Security in late March. Researchers noted that the campaign was sent to as many as 50,000 email inboxes. The subject messages usually appears as “Tax Refund Payment” or “Recalculation of your tax refund payment” to attract the targets’ attention. The email will also state that the victim is due to receive $1400.
The Phishing Email Being Sent By The Scammers
Within the email is a link embedded in the text that reads ‘Claim your refund now.’ Clicking on the link will send the victim to the fraudulent IRS page and is prompted to fill out their information. Though many phishing web pages look suspicious, the fake IRS page, in this case, is high-fidelity.
Some of the information the victims is asked for includes:
- Social Security number
- First Name
- Last Name
- Date of Birth
- Prior Year Annual Gross Income (AGI)
- Driver’s License Number
- Current Address
- City
- State/U.S. Territory
- ZIP Code/Postal Code
- Electronic Filing PIN
This impersonation is especially convincing as the attacker’s landing page is identical to the IRS website, including the popup alert that states, “THIS U.S. GOVERNMENT SYSTEM IS FOR AUTHORIZED USE ONLY,” a statement that also appears on the legitimate IRS website.
The Fraudulent Webpage
The attacker also attempts to conceal the URL as to not alert the recipient that the url leads to a form hosted on an amazon domain. This was to obscure the landing page in an attempt to forge legitimacy.
One of the reasons why the campaign is successful is because it has been able to bypass Outlooks’ security features. This attack likely bypassed email gateways because the existing gateways only take threat examples from ongoing and current attacks that are in high volume. Phishing attempts that utilize social engineering are much lower in volume, target specific persons, and are able to be hosted on domains that can be quickly taken down. Hackers often utilize this form of entry to bypass email security.
The IRS advises university staff and students who received one of these phishing emails not to click on any of the links embedded within and forward the emails (as file attachments) to [email protected]. They should also get an Identity Protection PIN ASAP to block identity thieves from filing fraudulent tax returns in their names using stolen personal information.
Phishing and Identity Theft
The IRS have long been impersonated by scammers and hackers in phishing campaigns. The goal of these campaigns is to sell victims data online, which will go on to be used in identity theft.
As recently as a November, there was another IRS phishing campaign. Hackers sent phishing emails to trick potential victims, stating that they had outstanding charges related to missed or late payments.
The attack targeted Outlook users, and was sent to over 70,000 inboxes.
To intimidate and send their victims into panic mode, the scammers resorted to legal threats and even add the possibility of an eventual arrest right from the start of the emails whose titles include a “warrant for your arrest” warning.
For added effect, the recipients were also told that the emails would also be forwarded to their employer so that their made-up outstanding amounts will be legally withheld out of their wages.
“We have sent you this warning notification about legal proceedings in May 2019. But you failed to respond on time,” the messages said. “This time, if you fail to respond then we will register this case in court. Consider this as a Final Warning.”
Protection Against Phishing Attacks
When Phishing attacks can bypass outlook security, it is important to have additional tools to combat fraudulent emails. One of these tools is SaferNet. Even if an email makes it through inbox security, SaferNet will kick in when a victim clicks a link, protecting the target from viewing and interacting with the page.
SaferNet is the perfect solution to the cybersecurity issues that individuals, families, and businesses face today. It not only connects every device using a secure, 24/7 always on, military grade VPN, but it also stops outside cyberthreats, malware and viruses as well. On SaferNet, all users are protected anywhere in the world, all the time, on any cellular or Wi-Fi network. In addition to SaferNet’s VPN and cyber protection, it also offers a range of employee or parental/family internet controls including internet filtering, monitoring, scheduling, and blocking access to websites or even entire website categories
Typically, a business or family would need 3 separate services for a VPN, Malware Protection, and Internet Controls; SaferNet offers all 3 features in one service. SaferNet truly is an endpoint security presence that can be implemented in minutes around the world, on phones, laptops, tablets, and computers at an economical price point that caters to all sizes of businesses and families. SaferNet guarantees a smooth setup and installation process that takes only minutes, and an easily accessible control hub for you to monitor all your employee’s or family members devices; including activity, time spent online, and threats blocked.