fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Scammers Target Universities In Ongoing IRS Phishing Attacks

Scammers Target Universities In Ongoing IRS Phishing Attacks

The Internal Revenue Service (IRS) is warning of ongoing phishing attacks impersonating the IRS and targeting educational institutions.

The attacks use tax refund payment baits and mainly focus on universities’ staff and students with .edu email addresses.

“The phishing emails appear to target university and college students from both public and private, profit and non-profit institutions,” the US revenue service warned.

Tax refunds used as lures

These phishing messages use “Tax Refund Payment” or “Recalculation of your tax refund payment” subject lines to attract the targets’ attention and increase the phishers’ social engineering attacks’ success rates.

Abnormal Security researchers who spotted these attacks in the wild earlier this month said that they bypassed Office 365 security and landed in the mailboxes of between 5,000 and 50,000 targets.

Attackers redirect potential victims to phishing pages using links within asking the recipients to claim their refunds.

After landing on the phishing pages, the targets are then prompted to fill out a form with sensitive personal information, which the attackers can later use to commit fraud.

Also Read: PDPA Singapore Guidelines: 16 Key Concepts For Your Business

Phishing email and landing page (Abnormal Security)

The taxpayers are asked to provide a wide array of information, including their:

  • Social Security number
  • First Name
  • Last Name
  • Date of Birth
  • Prior Year Annual Gross Income (AGI)
  • Driver’s License Number
  • Current Address
  • City
  • State/U.S. Territory
  • ZIP Code/Postal Code
  • Electronic Filing PIN

“This impersonation is especially convincing as the attacker’s landing page is identical to the IRS website including the popup alert that states’ THIS US GOVERNMENT SYSTEM IS FOR AUTHORIZED USE ONLY’, a statement that also appears on the legitimate IRS website,” Abnormal Security revealed.

Targets advised to report and get an Identity Protection PIN

The IRS advises university staff and students who received one of these phishing emails not to click on any of the links embedded within and forward the emails (as file attachments) to [email protected].

They should also get an Identity Protection PIN ASAP to block identity thieves from filing fraudulent tax returns in their names using stolen personal information.

This IRS impersonation scam should also be reported to the Treasury Inspector General for Tax Administration for further investigation by IRS’ Criminal Investigation division.

Last year, aggressive scammers also impersonated the IRS in emails threatening targets with arrest warrants and legal charges unless they paid fake outstanding amounts related to late or missed payments.

Also Read: Data Protection Officer Singapore | 10 FAQs

The US Federal Trade Commission (FTC) said last month that the number of identity theft reports doubled in 2020 compared to 2019, reaching a record of 1.4 million reports within a single year.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us