Now a few months into the pandemic, the majority of Americans have received their federal stimulus checks as dictated by the CARES Act. Earlier in May, the U.S. government proposed a second act (HEROES) that aims to provide a second wave of economic aid. If passed, this bill would provide additional direct payments of up to $1,200 per individual – a boon for both Americans in need, as well as cybercriminals looking to turn a profit.
In an unfortunate display of animosity and antagonism, malicious actors have leveraged the pandemic as a way to profit off the fear and anxiety that has manifested within the general public. Fortunately, there’s some good news here: by educating yourself about the tells of these scams and what the government will and will not do, you can avoid becoming the victim of phishing or some other cyber-attack. What’s more - this critical knowledge extends beyond just a personal level. Cybersecurity awareness and training is not only beneficial to the individual, but also the organization that employs that individual. Let’s dive in.
Fortunately, there’s some good news here: by educating yourself about the tells of these scams and what the government will and will not do, you can avoid becoming the victim of phishing or some other cyber-attack.
What is the HEROES Act?
The Health and Economic Recovery Omnibus Emergency Solutions (HEROES) Act was first introduced in the House on May 12, 2020. The bill “responds to the COVID-19 outbreak and its impact on the economy, public health, state and local governments, individuals, and businesses.” Among other actions intended to bolster the American economy, the bill would reiterate the efforts of the CARES Act with another round of stimulus payments. The most recent action taken by Congress was on June 1, 2020, wherein the bill was read a second time and placed on the Senate Legislative Calendar under General Orders. In an interview on July 1, 2020, President Trump addressed his support for another round of Coronavirus stimulus and incentivizing Americans to return to work. The bill is currently still under review (as of July 7, 2020).
Why the HEROES Act will Attract Cybercriminals
During the first round of stimulus checks, cybercriminals leveraged the opportunity to scam the public with fake calls, emails, text messages, and social media notifications. While the volume of stimulus-related scams has diminished in recent weeks in correspondence with the timing of the CARES Act, malicious actors may still be trying to work this angle. If the HEROES Act is passed and the U.S. government engages in a second round of stimulus payments, cybercrime will surely surge in response to this opportunity to scam American citizens a second time. While government agencies have been working to educate the public on the nature of these scams and how they can protect themselves, many will still fall victim if a second wave of scams emerges.
What Do These Scams Look Like?
According to the FTC, bad actors may try to persuade their victims to pay a fee to receive their stimulus payment. Individuals may also be unknowingly coerced into providing their sensitive information - their Social Security number, bank account, or government benefits debit card account number. As previously stated, these scams may be delivered in the form of a call, email, text message, or via social media.
How Can You Protect Yourself?
Most people don’t have to do anything to receive their stimulus check since the IRS will use the same payment method (direct deposit, Direct Express debit card, paper check) they use to send your tax refund. However, if you don’t typically file a tax return, and thus the IRS does not have your tax information, you can visit www.irs.gov/coronavirus to learn how you can claim your payment. You can also use this secure site to check your payment status if you’re experiencing a delay or want to confirm your payment type.
If you do need to submit information to the IRS, you should only use irs.gov/coronavirus to do so. Remember – the IRS will never contact you via phone, email, text message, or social media to ask you for your personal information or to give you updates about your stimulus check. Don’t reply to a text message or phone call, and do not engage in a transaction to receive your stimulus check.
You should also be on the lookout for fake check scams. As the FTC states, “The IRS won’t tell you to deposit your stimulus check then send them money back because they paid you more than they owed you.” If you think you’re the victim of a scam, report it immediately to the Federal Trade Commission’s Complaint Assistant.
Cybercrime Extends Beyond the Individual
While this article is specific to individual scams, cybercriminals have exploited the public’s unease to develop scams on a much larger level, targeting businesses and entire industries. However, by training and encouraging your team to protect themselves on a personal level, your organization is simultaneously protected. For example, if an employee learns how to identify a phishing email that asks for sensitive information to confirm a stimulus payment, that individual may now also be better equipped to spot a phishing email down the road that asks them to confirm financials for a bogus wire transfer. Knowledge is a powerful tool, and when wielded by one, it can benefit the many.
If you’re concerned about the cybersecurity risk COVID-19 poses to your organization and its people, we can help. Whether it’s deploying modern tools and technologies to safeguard your environment, developing a cybersecurity training curriculum specific to your team, or helping you recover from a threat or attack to your business, our security experts have the knowledge, skills, and experience to assist. Contact our team today to get started.
Explore our cybersecurity services to find out how you can further protect your organization and its people.