In this attack, attackers impersonate a message from the United States government, claiming to provide information on the Paycheck Protection Program in an attempt to steal valuable credentials.

Summary of the attack target

  • Platform: Office 365
  • Mailboxes: Less than 10,000
  • Bypassed Email Gateway: Proofpoint
  • Victims: Employees
  • Payload: Link
  • Technique: Impersonation

What was the attack?

1) Setup: Fraudulent actors continue to capitalize on the ongoing pandemic by intercepting information from the vulnerable as Congress extends the Paycheck Protection Program. This attack features an instance where attackers carefully craft an impersonated government message to phish for credentials.

2) Email Attack: In this attack, the recipient receives an email that appears to come from the government because it uses a spurious domain. However, the domain is registered to an owner in Torino, IT, which should be an immediate red flag, as the email claims to provide information for a US-based program. The body of the message claims to provide continued financial relief aid and directs the recipient to the embedded link to learn more. Upon following the link, the recipient is led to a page that poses as a PPP loan qualification form.

3) Payload: The email’s body contains a brief statement regarding Congress’s extension of PPP along with a link to an application form that claims to be a World Trade Finance PPP 2021 Data Collection form. Within the form, the recipient is expected to enter sensitive information including their business legal name, full name, business email, date of birth, social security number, and more.

4) Result: If recipients fall victim to the phishing ploy and enter their credentials, they provide attackers with confidential information that would expose their business to fraudulent activity.

Why was this attack effective?

Convincing landing page: The email seems convincing because its domain contains “gov”, leading the recipient to believe this is a legitimate message from the government. Further, the email is signed by the President of the World Trade Finance organization in an attempt to legitimize it.

Widespread Attack: The attack was sent to a large number of recipients, increasing the chances of someone falling prey.
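
As an added example (not part of the original write-up), this Python sketch checks for the trait described above: a sender domain that contains “gov” without sitting under a real government suffix. The suffix list, the verdict labels and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: namespaces this sketch accepts as genuine US government senders.
OFFICIAL_SUFFIXES = (".gov", ".mil")


def sender_domain(raw_message: str) -> str:
    """Return the lowercased domain of the From address, or '' if there is none."""
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].strip().rstrip(".").lower()


def classify_sender(raw_message: str) -> str:
    """Label the sender 'official', 'gov-lookalike', 'other' or 'unparseable'."""
    domain = sender_domain(raw_message)
    if not domain:
        return "unparseable"
    # Leading dot so 'notgov' or 'ppp-gov.example' cannot match the '.gov' suffix.
    if ("." + domain).endswith(OFFICIAL_SUFFIXES):
        return "official"
    # 'gov' inside any label of a non-government domain is the lure described above.
    # Non-US namespaces such as gov.uk are flagged too, which is acceptable for
    # mail that claims to concern a US program.
    if any("gov" in label for label in domain.split(".")):
        return "gov-lookalike"
    return "other"


# Constructed sample messages using reserved or made-up domains.
SAMPLES = {
    "lookalike": 'From: "PPP Relief" <info@ppp-gov.example>\nSubject: PPP extension\n\nbody',
    "subdomain": "From: notices@gov.relief-loans.example\nSubject: PPP 2021\n\nbody",
    "official": "From: Program Office <notices@loans.example.gov>\nSubject: Update\n\nbody",
    "unrelated": "From: billing@example.com\nSubject: Invoice\n\nbody",
    "no_address": "From: undisclosed-recipients\nSubject: hi\n\nbody",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:12} {sender_domain(raw) or '-':28} {classify_sender(raw)}")
```

A “gov-lookalike” verdict is a triage signal to combine with registration data and the message's claims, not proof of phishing on its own.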
