
In this attack, attackers impersonate a message from the United States government, claiming to provide information on the Paycheck Protection Program in an attempt to steal valuable credentials.

Summary of the attack target

  • Platform: Office 365
  • Mailboxes: Less than 10,000
  • Bypassed Email Gateway: Proofpoint
  • Victims: Employees
  • Payload: Link
  • Technique: Impersonation

What was the attack?

1) Setup: Fraudulent actors continue to capitalise on the ongoing pandemic by intercepting information from the vulnerable as Congress extends the Paycheck Protection Program. This attack features an instance where attackers carefully craft an impersonated government message to phish for credentials.

2) Email Attack: In this attack, the recipient receives an email from what appears to be the government, sent using a spurious domain. However, the domain is registered to an owner in Torino, IT, which should be an immediate red flag, as the email claims to provide information for a US-based program. The body of the message claims to provide continued financial relief aid and directs the recipient to the embedded link to learn more. Upon following the link, the recipient is led to a form that poses as a PPP loan qualification form.

3) Payload: The email’s body contains a brief statement regarding Congress’s extension of PPP along with a link to an application form that claims to be a World Trade Finance PPP 2021 Data Collection form. Within the form, the recipient is expected to enter sensitive information including their business legal name, full name, business email, date of birth, social security number, and more.

4) Result: If recipients fall victim to the phishing ploy and enter their credentials, they provide attackers with confidential information that would expose their business to fraudulent activity.

Why was this attack effective?

Convincing landing page: The email seems convincing because its domain contains “gov”, leading the recipient to believe this is a legitimate message from the government. Further, the email is signed as the President of the World Trade Finance organisation, in an attempt to legitimise it.

Widespread Attack: The attack was sent to a large number of recipients, increasing the chances of someone falling prey.
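The signals described above (a sender domain that contains “gov” without being under the .gov top-level domain, a PPP lure, and a link to a non-government form) can be checked together on inbound mail. The following is an added example, not part of the original report; the sample messages, the `.example` host names, the signal names and the three-signal threshold are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

URL_HOST = re.compile(r"https?://([^/\s:\"'<>]+)", re.I)
LURE = re.compile(r"\bppp\b|paycheck protection program", re.I)

def is_real_gov(host: str) -> bool:
    """True only when the host is under the .gov top-level domain."""
    return host.lower().rstrip(".").endswith(".gov")

def looks_like_gov(host: str) -> bool:
    """'gov' appears somewhere in the name, but the TLD is not .gov."""
    return "gov" in host.lower() and not is_real_gov(host)

def score_message(raw: str) -> dict:
    msg = message_from_string(raw)
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    body = " ".join(p.get_payload() for p in msg.walk()
                    if isinstance(p.get_payload(), str))
    reasons = []
    if looks_like_gov(sender_host):
        reasons.append("gov_lookalike_sender")
    if LURE.search(msg.get("Subject", "") + " " + body):
        reasons.append("ppp_lure")
    if any(not is_real_gov(h) for h in URL_HOST.findall(body)):
        reasons.append("non_gov_link")
    # The substring test is deliberately broad, so require all three signals.
    return {"sender_host": sender_host, "reasons": reasons,
            "suspicious": len(reasons) == 3}

# Constructed sample messages (reserved .example names, not real indicators).
PHISH = """From: PPP Relief Office <info@relief-gov.example>
Subject: Congress extends PPP

Learn more and apply: https://forms.example/ppp-2021-data-collection
"""
LEGIT = """From: Notices <notices@agency.example.gov>
Subject: Paycheck Protection Program update

Details: https://agency.example.gov/ppp
"""

if __name__ == "__main__":
    for name, raw in (("phish", PHISH), ("legit", LEGIT)):
        print(name, score_message(raw))
```

A message that trips only one signal, such as a genuine .gov notice that mentions PPP, is left alone; the combination is what separates the lure from ordinary mail.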
