The United States government is making plans to send millions of Americans stimulus checks of up to $1,200 each, plus $500 per child, as part of the Coronavirus Aid, Relief and Economy Security (CARE) Act. This government decision has already spurred scammers to adapt, prompting thousands of creative attacks driven to steal your identities and your wallets.
Not only are phishing and hacking becoming more frequent, but they’re also exponentially cheaper to do than it was a few years ago. Hackers and scammers are constantly evolving; as our technology grows more advanced, so do their skills, forever chasing that giant leap towards what might be the “next great step” in cyber. This wave of stimulus check scams is just the hackers’ attempts at evolving. Wondering what these stimulus check scams might look like, and how you might be able to avoid them?
The most important fact to know is that if you receive any form of communication, whether that be a phone call, text, or even an email, asking for you to verify your personal details or banking information to receive your stimulus check, it is a scam.
The IRS typically asks for information through the mail, but they likely will be using the information they already have on file for you from your 2018 and 2019 tax returns, and won’t have a need to contact you.
According to Business Insider, a multitude of stimulus check scams have already been reported in the past few days, including reports of victims receiving fake “stimulus checks” in the mail. The Treasury won’t be sending out checks for a few more weeks, so if you receive any check in the mail claiming to be a “stimulus check” for you to cash, it is a scam.
There have also been recent reports of scammers utilizing social media messages, urging people to enter their personal and/or banking information in order to receive their check [Forbes].
According to the Better Business Bureau (BBB), this could merely be displayed as a simple message or social media post with a link offering more information on how to claim your check. Once you click the link, you’ll be taken to a seemingly official website that prompts you to enter your personal information and/or banking details. To get you to act on the scam, the message or post might urge you to act immediately in order to receive your stimulus check, or may even offer additional money if you act “fast”.
This is not a new tactic by any means; scammers typically use to create an emotional response out of the victim. In order for scammers and hackers’ success rates to grow, scammers create a sense of urgency. In a normal phishing scam, they’ll tell you a frightening story of how your bank account is under a severe threat, and how you’ll really, really need to access it as soon as possible – typically a site where you must insert your credentials to confirm your identity or information.
The BBB has already received several variations of this stimulus check scam, including a Facebook post targeting seniors about a special grant to assist in paying medical bills. The link would lead to a website claiming to be a legitimate government agency called the “U.S. Emergency Grants Federation”. The site would then request your Social Security number to verify your eligibility to receive the check. Other versions of the scam claim that you can receive additional money or even receive your funds immediately if you share your personal details and pay a “processing fee”. Requests of up to $150k have been reported [BBB].
Note that the IRS and other government agencies would never seek out information from you from Facebook, Instagram, Twitter, etc.
A few key take-aways:
- When in doubt, don’t click on links. Don’t respond to suspicious messages, emails, or phone calls.
- Government agencies, such as the IRS, do not typically use social media, email, or phone calls to verify your personal information. At the most, they might resort to mail.
- If you receive a stimulus check in the mail this early, it is a scam.
Although most phishing is transmitted through email, it can also work through other mediums, such as phone calls. In the past few years, cyber attackers moved their focus on phishing attacks done through instant messaging services, SMS, social media networks, and even direct messages in games. No application is ever free from scammers, so you always have to be on the lookout.
If you spot a stimulus scam, here are some steps you can take to report it and ensure no one else falls victim to it: