1 min read

Phishing Campaign Uses New York Department of Labor Logo and Pandemic Aid Info to Steal Private Information

Silviu STAHIE

December 21, 2020

Phishing Campaign Uses New York Department of Labor Logo and Pandemic Aid Info to Steal Private Information

Security researchers have identified a new phishing campaign using a message purportedly from the New York Department of Labor to trick people into giving the attackers personal data.

Threat actors often target personal user data in phishing campaigns because they can easily help in fraud and identify theft. Such credentials are highly sought on the black market, which is why many phishing emails aim in this direction.

In this situation, the attackers take a subject of great interest in the United States, such as the currently discussed pandemic aid, and try to convince people to offer their details in a spoofed website.

“The attacker impersonates the New York Department of Labor by disguising their identity with the display name “noreply@labor.ny.gov” and displaying the New York State logo at the top of the email,” says Abnormal Security.

“However, a closer look reveals the true sender to be “naij30@naija9icevibes.com”, a Panamanian-registered domain with no association to the New York state government. The attacker claims that the government will administer a $600 relief fund to citizens who fill out the indicated form.”

If successful, the attacker gets the user”s name, address, date of birth, social security number and driver”s license.

The email also adds a sense of urgency to the claim and the use of official logos and seemingly official email address helps to make this an efficient way to steal private information.

As usual, the best protection against this kind of attack is to always keep in mind that such private data should never be shared online and that authorities will never ask for it in such a manner. The same goes for financial information. If you believe you”ve fallen for such an email, keep an eye on your financial situation and report any suspicious activity.

Were you a victim of a data breach? Time to find out with Bitdefender”s Digital Identity Protection tool.

tags


Author



Right now

Top posts

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read
The Top Five Security Risks Smartphone Users Face Today

The Top Five Security Risks Smartphone Users Face Today

July 02, 2021

4 min read
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

July 02, 2021

3 min read
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

June 30, 2021

2 min read
Mobile security threats: reality or myth?

Mobile security threats: reality or myth?

June 13, 2021

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Fraud Family cybercrime ring under the spotlight as arrests made in the Netherlands Fraud Family cybercrime ring under the spotlight as arrests made in the Netherlands
Graham CLULEY

July 23, 2021

3 min read
Homoglyph domains used in BEC scams shut down by Microsoft Homoglyph domains used in BEC scams shut down by Microsoft
Graham CLULEY

July 22, 2021

3 min read
China Sets Up New Worrying Vulnerability Disclosure Rules China Sets Up New Worrying Vulnerability Disclosure Rules
Silviu STAHIE

July 20, 2021

1 min read