The attackers are spoofing a legitimate program that is widely known among US citizens. At least one fake email reached a potential victim in mid-April 2020 trying to collect credentials for logging into their online banking account. Recipients accessing the link in the message land on a page that displays the logos for the Federal Emergency Management Agency (FEMA) and the Centres for Disease Control and Prevention (CDC).
The site announces that individuals can get an economic impact payment of up to USD 1,200, double that for married couples, and USD 500 per child for parents. If the recipient chooses to get the ‘economic impact payment’, they get a drop-down menu with a list of almost two dozen banks to choose from, according to BleepingComputer.
The list of banks includes Wells Fargo, Chase, Bank of America, Citibank, Capital One, Scotia, Compass, SunTrust, Fifth Third, M&T, Santander, the Navy Federal Credit Union. After typing in the credentials, the victim gets an error message saying that they provided the wrong data. In the background, the info is sent to the attacker.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now