{"id":1132,"date":"2023-07-21T12:23:50","date_gmt":"2023-07-21T19:23:50","guid":{"rendered":"https:\/\/blogs.pugetsound.edu\/infosec\/?p=1132"},"modified":"2023-07-21T12:23:51","modified_gmt":"2023-07-21T19:23:51","slug":"phishing-from-7-19-2023-aotc-education-credit","status":"publish","type":"post","link":"https:\/\/blogs.pugetsound.edu\/infosec\/the-phish-tank\/1132","title":{"rendered":"Phishing from 7\/19\/2023: &#8220;AOTC education credit&#8221;"},"content":{"rendered":"\n<p class=\"has-large-font-size\">Original Phishing Message<\/p>\n\n\n\n<p><strong>From: <\/strong>Hackers Linda &lt;Linda.Hackers[@]nelft[.]nhs[.]uk><br><strong>Subject: <\/strong>AOTC education credit <\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"601\" height=\"724\" src=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2023\/07\/7-19-23-irs-phishing.jpg\" alt=\"\" class=\"wp-image-1133\" srcset=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2023\/07\/7-19-23-irs-phishing.jpg 601w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2023\/07\/7-19-23-irs-phishing-249x300.jpg 249w\" sizes=\"auto, (max-width: 601px) 100vw, 601px\" \/><\/figure>\n\n\n\n<p class=\"has-large-font-size\">Tips for Detection<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>The IRS does not initiate contact with taxpayers via email, text messages, or social media. Communication from the IRS is generally via U.S. mail.<\/li><li>Notice the mismatch of who is sending the email as the signature mentions both the IRS and NHS. <\/li><li>Hover over the links. Though some go to the legitimate site of id[.]me, one link goes to idme-connect[.]net which is a phishing site masquerading as an id[.]me + IRS site. <\/li><\/ul>\n\n\n\n<p class=\"has-large-font-size\">Text of Phishing Message<\/p>\n\n\n\n<p><strong>From: <\/strong>Hackers Linda &lt;Linda.Hackers[@]nelft[.]nhs[.]uk><br><strong>Subject: <\/strong>AOTC education credit<\/p>\n\n\n\n<p>Dear Staff\/students,<\/p>\n\n\n\n<p>We are pleased to inform you that, after the recent annual calculation of your educational expenses, you have been determined eligible to receive an education credit from the American Opportunity Tax Credit (AOTC) in the amount of $2,500.<\/p>\n\n\n\n<p>To ensure you receive your education credits, it is important that you Connect your id.Me account to verify your identity and submit your direct deposit details. Please note that having a verified id.me account is a requirement to claim your credit. If you do not currently have an ID.me account, kindly create one by visiting Create an ID.me account &#8211; ID.me<\/p>\n\n\n\n<p>Thank you for your attention to this matter.<\/p>\n\n\n\n<p>Sincerely,<\/p>\n\n\n\n<p>Internal Revenue Service (IRS)<\/p>\n\n\n\n<p>77 K St. NE<\/p>\n\n\n\n<p>Washington, DC 20002<\/p>\n\n\n\n<p>The information contained in this email is intended only for the addressee(s). It may contain privileged and confidential information and, if you are not the intended recipient, you must not read, copy or distribute it, nor take any action in reliance upon it. If you have received this email in error, please inform the sender as soon as possible and delete the email from your computer. Information contained in this email may be subject to public disclosure under the Freedom of Information Act 2000 or the Environmental Information Regulations 2004.<\/p>\n\n\n\n<p>NELFT NHS Foundation Trust<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Original Phishing Message From: Hackers Linda &lt;Linda.Hackers[@]nelft[.]nhs[.]uk>Subject: AOTC education credit Tips for Detection The IRS does not initiate contact with taxpayers via email, text messages, or social media. Communication from the IRS is generally via U.S. mail. Notice the mismatch of who is sending the email as the signature mentions both the IRS and NHS. [&hellip;]<\/p>\n","protected":false},"author":521,"featured_media":1133,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[3],"class_list":["post-1132","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-phish-tank","tag-phishing"],"_links":{"self":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/1132","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/users\/521"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/comments?post=1132"}],"version-history":[{"count":1,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/1132\/revisions"}],"predecessor-version":[{"id":1134,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/1132\/revisions\/1134"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media\/1133"}],"wp:attachment":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media?parent=1132"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/categories?post=1132"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/tags?post=1132"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}