100K People Targeted by Spoof IRS Websites
Over 100,000 people were targeted by a large-scale summer threat campaign using fake IRS websites.
The extensive phishing campaign was discovered by researchers at cloud security solutions provider Akamai.
Akamai's research team recorded threat actors using hundreds of different domains and URLs to impersonate the Internal Revenue Service of the United States over a two-month period beginning in mid-August 2019.
Users were all directed to the same fake IRS login page, where they were asked to enter sensitive information, including their email address and password.
In total, the campaign used at least 289 different domains and 832 URLs to target people all over the world. Most remained active for fewer than 20 days.
Most of the activity took place in the second half of August, but researchers observed new websites being activated periodically over a 47-day period.
Threat actors appear to have targeted legacy websites, perhaps in an effort to delay detection.
Or Katz, principal lead security researcher at Akamai, told Infosecurity Magazine: "According to our analysis, we suspect that many of the websites that hosted the IRS phishing page are compromised (meaning that they are legit websites that have been taken over or hijacked by criminals).
"In many cases these are legacy websites with minimal/no maintenance involved. This is what makes them vulnerable in the first place. Moreover, once compromised, it might also take more time to execute remediation of the vulnerability and cleaning of the website content."
Katz suspects that opting for an August laun ..