Phishers Spoof New York Department of Labor
Scammers are impersonating New York State's Department of Labor to steal personal information from state residents seeking to claim money from a COVID relief fund.
Targets are sent an email bearing the state logo that appears to come from “firstname.lastname@example.org.” The email states that by activating their account, the recipient will receive $600 in pandemic aid.
It reads: "Dear Citizen, Due to Covid-19 related issues, NY.GOV will pay $600 for victims who are affected by this pandemic. Please complete the online form to join the aids program. Please click here to active your account. Please do not close out of the browser while completing the account activation. Thank you, New York State."
A malicious link contained within the email directs the target to a webpage controlled by the attackers. The page has been set up to mimic a page on the New York State government site.
Targets are instructed to fill in a form that asks for their name, address, date of birth, Social Security number, and driver’s license number.
The new phishing attack was detected by researchers at Abnormal Security, who believe that it could have landed in as many as 100,000 mailboxes.
Researchers found that the email's true sender was “email@example.com,” a Panamanian-registered domain that is not associated with the New York state government.
"The email contains an embedded link that should supposedly lead to a NY.GOV site, but actually points to 'https://thesender[.]org/fjc4'," wrote researchers. "After clicking on the hypertext, the link redirects to 'bo2.cloudns.cl/NYU/cnf[.]php,' a phishing page posing as a legitimate government website."
"Although this landing page displays the official New York state government logo, the URL is not associated with the New York Department of Labor."
Researchers noted that the attackers had used the lure of money coupled with an air of authority created by impersonating an official government entity to incentivize the target to act quickly. They also observed that the timing of the attack may have given it added legitimacy.
"Americans have already received pandemic stimulus checks from the government, so a recipient of this email may be more likely to believe that the government is offering additional relief as the pandemic continues," wrote researchers.