Cybercriminals have been taking advantage of the American Rescue Plan, the recently signed Covid-19 relief legislation. Researchers at Cofense found that threat actors are impersonating the IRS to distribute emails donning the agency’s official logo originating from a spoofed domain. The emails ask users to click on a malicious link to claim their Covid-19 relief money, however, the link infects targets with the Dridex banking trojan.
According to Cofense, the email states that the recipient is eligible for federal aid. The emails occasionally contain other enticing offers, such as vaccination registration, free food, or stimulus checks. Cofense found that the emails are not overly sophisticated, and most targets will be able to tell that it is fraudulent. However, the campaign leverages the economic struggles of US families to lure them into clicking on malicious links that infect their devices.
Read More: $4,000 COVID-19 ‘Relief Checks’ Cloak Dridex Malware