With the passage of the $2 trillion stimulus bill and economic relief plan, Assistant Professor of Information Security, Duane Dunston, says cybercriminals may attempt to exploit your fears, anxieties, and need for financial assistance.
I have not seen any evidence of coronavirus stimulus scams yet, though I’m sure they’re beginning to propagate via email, mail, or phone. Get ahead of any scams that are likely to prey on the passage of the coronavirus stimulus bill with this proactive alert.
Phishing scams may arise over email, web, or by phone. These fraudulent emails and web pages will ask you to sign up to receive your stimulus check or electronic transfer by providing your banking information or logging into your bank or other financial provider. Phone callers may claim they are from the IRS and ask you to confirm your bank account information, social security number, address, and name. Don’t provide this information. You’ll be giving criminals enough details to cause you great financial harm. Cybercriminals can use any or all of this information to confirm your identity, make inquiries, or change your financial accounts. Providing your financial information may allow someone to drain your savings or transfer your money to another account.
Because we pay taxes (and whether you file electronically or complete your taxes by paper and paper checks) the IRS already has your personal information. When you pay taxes through your employer, the IRS has your physical address. There is no need to send the IRS your information again to receive the stimulus refund. People who e-file tax documents and receive tax refunds electronically may receive their portion of the stimulus relief fund early, but there is no need to provide more information right now. Accordingly, you do not need to sign up for anything or give any website or individual your personal information.
At this time, the IRS website hasn’t provided any information about how payments will be made, though they clearly state on their site, “No sign-up needed.”
I also foresee phishing emails cropping up that may say things like, “your electronic transfer was rejected and you need to update your information.” Again, do not do it. If the IRS cannot send your money electronically, they will send it to the home address they have in their records, as you’ll see in their FAQ here. While the information in the FAQ applies to tax season, it’s still relevant now. For example, if 20,000 people mistype their financial information, the IRS doesn’t have the resources to contact 20,000 people, verify their identities, and try the electronic transfers again. They are not likely to send you an email or call to ask for updated information at this time either.
Be aware that talking to someone over the phone can be tricky. Callers may already have some of your personal information and will provide it to make it seem as if they’re legit. Don’t forget, a lot of your information is publicly available, and might include your family members’ names and even exact ages. These types of tricks are called social engineering, and they can make phone calls seem very convincing. Also, watch out for callers who begin with an emotional appeal about physical distancing and then ask for sensitive information. It’s a ruse to get you comfortable with them before they begin phishing. They’ll return to the topic of the coronavirus impact, then ask for sensitive information again. It is easy to get ensnared in these back-and-forth tricks.
If you think you gave information to someone unintentionally, contact your bank directly as soon as possible. Report the scam to the Federal Trade Commission. If you see unusual activity on your credit report, you may need to file a police report in order for the credit reporting agencies to take action.
Please be vigilant online at all times, but especially during this crisis.