US Federal Reserve Economic Relief Phishing Campaign

Summary

The NJCCIC’s email security solution has identified and blocked multiple COVID-19 phishing campaigns consistent with open-source reporting, including those recently impersonating the US Federal Reserve with economic relief options through the Payment Protection Program in order to steal banking credentials. Phishing emails from the “Federal Reserve System” contain the subject line “Receive payment.” and include a link that, if clicked, directs the victim to a spoofed website with legitimate logos, stock photos, and FAQ section. Clicking on the “Get Economic Impact Payment Now” button displays a drop-down menu of banks to choose from. A login box, containing the selected bank and its logo, then prompts the victim to enter their banking credentials. If entered, an error message will display as the credentials are sent to the threat actors in the background.

Recommendations

The NJCCIC recommends users and organizations educate themselves and others on these continuing threats and tactics to reduce victimization. Users are advised to avoid clicking links, opening attachments, or providing personal or financial information in response to emails from unknown senders and exercise caution with emails from known senders. If you are unsure of an email’s legitimacy, contact the sender via a separate means of communication. We also advise users not to take action on emails promising economic relief and, instead, obtain information from official sources.