好的,我现在需要帮用户总结一篇文章的内容,控制在100个字以内,并且不需要特定的开头。首先,我得仔细阅读这篇文章,理解其主要内容。 文章主要讲的是Interactive Brokers这个在线交易平台被钓鱼攻击的情况。Cofense Phishing Defense Center发现有钓鱼邮件伪装成IRS合规要求,要求用户更新Form W-8BEN。邮件中的链接引导用户到一个伪造的登录页面,窃取用户的凭证。 接下来,我需要提取关键信息:Interactive Brokers、钓鱼攻击、伪装成IRS邮件、Form W-8BEN、伪造登录页面、窃取凭证。然后把这些信息浓缩成一句话,不超过100字。 可能的结构是:Interactive Brokers遭遇钓鱼攻击,邮件伪装成IRS合规要求,诱导用户更新Form W-8BEN并输入凭证到伪造页面。 检查一下字数是否合适,确保信息完整且简洁。这样用户就能快速了解文章的核心内容了。 </think> 文章指出网络钓鱼攻击伪装成Interactive Brokers的IRS合规通知,诱导用户更新Form W-8BEN并进入伪造登录页面窃取凭证。 2026-4-13 05:0:0 Author: securityboulevard.com(查看原文) 阅读量:7 收藏
By Don Santos, Cofense Phishing Defense Center
Online trading platforms are popular among investors. Both beginners and professionals use them to study the financial markets, manage investments, and make profits online. Interactive Brokers is one such trusted platform, known for its low pricing and global market access.
With presence in over 200 countries, the brand has now become a viable target for threat actors. The Cofense Phishing Defence Center (PDC) recently uncovered phishing campaigns impersonating Interactive Brokers, potentially putting accounts and financial investments at serious risk.
The campaign starts with an email shown in Figure 1. The subject appears to be an IRS Compliance Requirement from Interactive Brokers, requesting a renewal of Form W-8BEN. This form is a mandatory requirement for non-US individual account holders of Interactive Brokers (IBKR) to certify foreign status.
Users of the platform could easily view this as legitimate, but further examination says otherwise. Figure 1 below reveals that the sender email address is [email protected], which is not the official email domain of Interactive Brokers (@interactivebrokers.com).
Figure 1: Email Body
This is the first indication that the email is suspicious. Checking the email content in Figure 1 explains the nature of the request, asking the receiver to renew their Form W-8BEN. The message also states the benefits of compliance, such as avoiding the automatic 30% withholding on US income and claiming tax treaty benefits.
This approach of using Form W-8BEN renewal can easily catch the receiver’s attention, as it leverages the actual requirements for using this platform. Included in the email body is a link with “Renew Certification Now”, prompting the receiver to click the URL to proceed.
Clicking the link opens a website that appears to be an Interactive Brokers login page, as shown in Figure 2. Checking the address bar reveals that it is indeed a different website <hXXps://wbnoebe[.]com/login>. If the recipient attempts to log in using their username and password, their credentials are sent over to the threat actor’s C2 server, <hXXps://wbnoebe[.]com?token
.png?language=en "Fig2 (1)")
Figure 2: Phishing Page
As online trading becomes more widespread, traders and investors are becoming increasingly attractive targets for threat actors. Not only for their login credentials, but also for their financial investments. This makes recognizing these threats a must to avoid potential losses. When receiving tax-related emails, users should always be alert, validate senders and URLs, and enable MFA as an additional layer of security.
Managed Phishing Detection and Response from Cofense can quickly identify and analyze threats that arrive in your inbox, giving customers a better defense against evolving email threats and malware campaigns like this. Schedule a demo with our team of experts today to learn more.
The post Interactive Brokers Phishing Scam: Fake IRS W-8BEN Renewal Alert appeared first on Cofense.
*** This is a Security Bloggers Network syndicated blog from Cofense authored by Cofense. Read the original post at: https://cofense.com/blog/interactive-brokers-phishing-scam-fake-irs-w-8ben-renewal-alert
如有侵权请联系:admin#unsafe.sh