News Phishing Scams Use Stimulus Package as Bait

A few weeks ago, we touched on several cybersecurity scams that tried to use fear of the coronavirus to trick people into downloading malware. These included both your typical phishing emails (though these attempted to impersonate the World Health Organization, not your company’s accounting department), and “fancier” scams like fake webpages. One such scam involved a fake version of the map designed by John Hopkins University to show confirmed cases of COVID-19 in real time.  

Stimulus Scams

Time has passed since then, and now we are beginning to see new scams popping up. This time though, the scams aren’t talking about the coronavirus. At least, not directly. This time, they’re using the $1200 checks the government has promised us as bait. The Federal Stimulus package meant to bolster the economy and give U.S. citizens a financial windfall has officially passed, and bad actors aren’t wasting any time. Various officials and agencies, including the FBI, have cautioned U.S. citizens to be wary of any email or phone call relating to the stimulus checks. There have even been reports of text messages asking for this information. These scammers are hoping to convince victims to hand over their financial information, such as a PayPal login, by convincing them that the information is necessary to receive their check.  

Of course, these people do not work for the government, and are only out to steal your information. 

Real Communication

To quote the U.S. Department of the Treasury, “If you receive calls, emails, or other communications claiming to be from the Treasury Department and offering COVID-19 related grants or stimulus payments in exchange for personal financial information, or an advance fee, or charge of any kind, including the purchase of gift cards, please do not respond. These are scams.” 

These tactics are employed in times of crisis specifically because they work. When people are panicking, or desperate for information, that is when they are most likely to fall for a phishing attempt. And remember, phishing attempts are getting more sophisticated all the time. Malware won’t always come in the form of an attachment, so another good rule of thumb is to never trust a login page that comes from a suspicious email. Hackers can create “false” login screens that look real but are secretly capturing what you type.

Remember to stay safe, keep a level head, and never open attachments from emails you weren’t expecting to receive. 

Questions about cybersecurity? Head over to our Contact page to reach out to our team of experts.