By Noah Mizell and Schyler Gallant, Cofense Phishing Defense Center
During the COVID-19 pandemic there have been many phishing lures promising payouts or benefits to gain credentials to websites. An example of this threat is a phish being used to collect on benefits by impersonating the New Mexico Department of Labor. The Cofense Phishing Defense Center (PDC) has observed a phishing campaign that aims to harvest New Mexico Department of Labor credentials by preying on individuals wanting to see if they are eligible for COVID-19 benefits.
Figure 1: Email Body
While the email appears to come from the New Mexico Department of Labor, the email address is for the domain showingassistant[.]com, seen in Figure 1. Looking at the email body, the email states that in New Mexico extra benefits can be paid out due to the COVID-19 pandemic. To determine if a person is eligible and, if so, how much they may receive, they are obliged to fill out an online form to be notified via letter that’s followed by a debit card in the coming weeks. The email includes a link to the form and opt-in updates from the New Mexico Department of Labor. This is probably done to boost legitimacy. As seen in Figure 1, the links do not lead to a legitimate location.
Figure 2: Phishing Page
Figure 4: Phishing Page
Campaigns like this are used to gain confidence via a legitimate state system. This phish was also successful at getting through secure email gateways (SEGs) and into the inbox of targets. Cofense can help mitigate these types of clever ploys. Cofense products catch and mitigate phish via products for comprehensive phishing detection and response. Contact us to learn more.
|Indicators of Compromise||IP|