Phishing for Your Stimulus Checks

April 30th, 2020   |     |  security and compliance, culture & news

Since we at OneLogin are a “Security First” organization, we want to make sure we’re keeping you as up to date as possible on what’s been happening in the world of scammers and bad actors during the COVID-19 pandemic. The latest concern you need to be aware of is the race to try to scam you out of your stimulus check or your personal information by using your stimulus check as a lure.

Earlier this month, Americans began receiving their $1,200 stimulus checks from the national government. If you set up direct deposit with the IRS during last year’s tax season, chances are, you’ve already received your check (or will very soon). If you’re in a more remote area or chose not to set up direct deposit, you’ll be receiving a paper check in the mail sometime in May.

The Federal Trade Commission has received upwards of 14,000 complaints from consumers about COVID-19–related internet and telephone scams, and the numbers keep rising. With the influx of a little extra cash on hand, it’s important that you’re aware of the potential threats coming your way to try to grab your cash. The IRS has issued a warning to all Americans, but has placed a special emphasis on seniors and retired folks who might not be as tech-savvy or aware of such scams.

To help you and your loved ones avoid falling prey to a phishing or vishing (the telephone equivalent of a phishing) attempt looking to cheat you out of your stimulus payment or personal information, we’ve compiled a list of a few key things to keep in mind when checking your email or answering your phone.

1. Economic Impact Payment vs Stimulus Check

The official term for the check you’ve received (or will be receiving soon) is economic impact payment. If you receive a call or email that refers to this payment as a stimulus check or stimulus payment, there’s a good chance the person on the other end is a scammer.

2. Sender Name vs Sender Email

Always check the actual email address of the sender rather than just looking at the name. This rule applies to all emails you suspect could be phishing. In some cases, you’ll see the sender’s name listed as “United State IRS,” but the email address is something totally unrelated, like, “xyz@gibiwibi.com.” Anything coming from the United States government will have something recognizable after the @ sign, like IRS.gov or WHO.int. Be wary of anything with a questionable email address, and avoid clicking any links or downloading any attachments.

3. Verification Requests

No one from the IRS will call you or email to ask you to verify your personal or banking information before sending this money. Anyone requesting your personal or banking information is phishing. Scammers may claim that they need this information to either send or speed up the receipt of your economic impact payment. They may also contact you via social media and claim that they can help you get your tax return or stimulus more quickly, a huge red flag. Special Note for Seniors and Retirees: The IRS has taken care to remind retirees and seniors who don’t file a tax return that they don’t have to do anything extra to receive their economic impact payments. No one from the IRS will be reaching out to you to request your personal or banking information. They are sending the $1,200 checks automatically.

4. Postcards and Access Codes

Related to the verification requests, the IRS is not sending out postcards that include special passwords or access codes that you can enter online to receive your payment or verify your banking info. This is a scam to get you to share your personal and financial information.

5. Real vs Bogus Checks

Some scammers are going as far as mailing bogus paper checks, often in amounts over the expected $1,200. The FTC reports that if you’ve already received a paper check, chances are, it’s bogus. The paper checks aren’t in the mail yet, and the earliest they’ll get to you is sometime in May. If you receive a check you’re not expecting, chances are you’ll be getting a phone call shortly after. The scammer on the other end will say that you’ve received more than you’re entitled to, and you should send back the difference in the form of cash, gift card, or money transfer.

Report Phishing Attempts

This is a scary and uncertain time for everyone. It’s easy to fall into a trap when the person on the other end of the line is creating a sense of urgency and a rush for you to act. Slow down and think before sharing any of your personal information, and if you suspect that you’re being targeted, report it.

The IRS is requesting that, “Those who receive unsolicited emails, text messages or social media attempts to gather information that appear to be from either the IRS or an organization closely linked to the IRS, such as the Electronic Federal Tax Payment System (EFTPS), should forward it to phishing@irs.gov.”

If you’ve received other emails or phone calls that you believe are COVID-19 related phishing, report those too. They could be from scammers claiming to represent the WHO, the CDC, the IRS, or a branch of the United States Government.

For more tips on how to protect yourself from scammers and cybercriminals, take a look at part at one of other recent articles regarding cybersecurity attacks related to COVID-19.

Alicia Townsend, Dir. of Content and Documentation
About the Author

For almost 40 years, Alicia Townsend has been working with technology as both a consultant and a trainer. She has a passion for empowering others to use technology to make their lives easier. As Director of Content and Documentation at OneLogin, Ms. Townsend works with technical writers, trainers and content marketing writers to inspire and empower everyone to take advantage of what OneLogin’s platform has to offer them.

View all posts by Alicia Townsend

Alicia Townsend, Dir. of Content and Documentation
About the Author

For almost 40 years, Alicia Townsend has been working with technology as both a consultant and a trainer. She has a passion for empowering others to use technology to make their lives easier. As Director of Content and Documentation at OneLogin, Ms. Townsend works with technical writers, trainers and content marketing writers to inspire and empower everyone to take advantage of what OneLogin’s platform has to offer them.

View all posts by Alicia Townsend

Secure all your apps, users, and devices