By Noah Mizell and Schyler Gallant, Cofense Phishing Defense Center
During the COVID-19 pandemic, many phishing lures have promised payouts or benefits in order to harvest website credentials. One example is a phish that impersonates the New Mexico Department of Labor to collect on benefits. The Cofense Phishing Defense Center (PDC) has observed a phishing campaign that aims to harvest New Mexico Department of Labor credentials by preying on individuals who want to see if they are eligible for COVID-19 benefits.
Figure 1: Email Body
While the email appears to come from the New Mexico Department of Labor, the sender address belongs to the domain showingassistant[.]com, as seen in Figure 1. The email body states that extra benefits can be paid out in New Mexico due to the COVID-19 pandemic. To determine whether they are eligible and, if so, how much they may receive, recipients are told to fill out an online form, after which they will be notified by letter, followed by a debit card in the coming weeks. The email includes a link to the form and to opt-in updates from the New Mexico Department of Labor, probably to boost legitimacy. As seen in Figure 1, the links do not lead to a legitimate location.
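The two indicators described above (a display name that claims the agency while the sender domain is unrelated, and links that leave the agency's domains) can be checked mechanically. The following is an added example, not code from Cofense or the original article. The `TRUSTED` map, the `agency.example` domain, the sample message and its link hosts are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: brand -> domains it really uses. "agency.example" is a
# placeholder; the article does not give the department's real domain.
TRUSTED = {"new mexico department of labor": {"agency.example"}}

# Sender domain as reported in the article, refanged only so the header parses.
SENDER_DOMAIN = "showingassistant[.]com".replace("[.]", ".")

# Constructed sample message; link hosts are placeholders.
SAMPLE = f"""\
From: New Mexico Department of Labor <benefits@{SENDER_DOMAIN}>
Subject: COVID-19 benefit eligibility
Content-Type: text/html; charset="utf-8"

<a href="https://form.lure.example/nm">Online form</a>
<a href="https://optin.lure.example/updates">Opt-in updates</a>
"""

def host_in(host, domains):
    """True if host equals, or is a subdomain of, one of the domains."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def analyze(raw):
    """Return (finding, host) pairs for a message that claims a tracked brand."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    trusted = next((d for b, d in TRUSTED.items() if b in display.lower()), None)
    if trusted is None:
        return []  # display name does not claim a brand we track
    findings = []
    sender = addr.rpartition("@")[2]
    if not host_in(sender, trusted):
        findings.append(("sender_mismatch", sender.lower()))
    # Decode every text part so base64/quoted-printable bodies are covered too.
    body = "".join(
        p.get_payload(decode=True).decode(p.get_content_charset() or "utf-8", "replace")
        for p in msg.walk() if p.get_content_maintype() == "text")
    for url in re.findall(r'href=["\'](https?://[^"\']+)', body, re.I):
        host = urlparse(url).hostname
        if not host_in(host, trusted):
            findings.append(("link_off_domain", host))
    return findings

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

Matching on the registered domain suffix rather than a substring keeps a host such as `agency.example.evil.example` from passing the check.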
Figure 2: Phishing Page