A credential-phishing email campaign is making the rounds, using the lure of coronavirus tax relief to scam people into giving up their personal information. The emails purport to contain an important document about COVID-19 relief funds from the IRS. Clicking the link in the email leads readers to a SharePoint form that they were told to complete before accessing the document. The phishing page was in fact hosted on a compromised user s SharePoint account, lending legitimacy.
Source: https://threatpost.com/irs-covid-impact-payment-deadlines-phish/159913/