Scammers Targeting Upcoming COVID Relief Checks, Tax Refunds
People are receiving fake forms containing malware to attach to stimulus checks that can steal personal banking information.
As millions of Americans await their COVID relief check, cybercriminals are already taking advantage of the situation to scam people out of their stimulus money.
The security company Proofpoint describes one effort where scammers sent out thousands of emails to Americans, asking them to fill out a fake form to apply for stimulus checks from the Internal Revenue Service.
“The goal that they have is to send their threat into that inbox and have someone click on it and they’ll do that by any means necessary. Typically, the best way to do that is some kind of social engineering. So it’ll say something like, ‘Oh, in order to see your stimulus check and how to get it, click here, enable these macros’ and then a piece of malware will typically infect the machine,” said Sherrod DeGrippo, senior director for threat research and detection at Proofpoint.
When users open that form, it launches a malicious software called Dridex, which can steal personal banking information and login credentials.
“I think there’s also going to be investment scams where they’re going to target that actual stimulus check, because one of the challenges adversaries had with COVID is with people out of work, But if you now know everyone’s going to get a certain amount deposited, that’s going to be something that they can easily go after,” said Dr. Eric Cole, founder & CEO of Secure Anchor, and author of “Cyber Crisis.”
Scammers are also using the ongoing pandemic to try to steal from businesses.
“We see executives often targeted with things like BEC email fraud saying, ‘Could you please make a change to the wire transfer? We’ve had a bank problem because of the lockdown,’ or ‘I’m unable to access our normal payment accounts because of coronavirus’ and no one questions it,” said DeGrippo.
Experts believe other tax-related scams will become more prominent closer to Tax Day on May 17.
“We see a significant amount of domains registered that are spoofing as if they’re in accountancy, as if they’re an agency of the IRS,” said DeGrippo.
“The IRS does not communicate with taxpayers via email, period. They make that a known fact,” said Cole.