Economic Impact Payment aka Stimulus Payment Scam Impersonates Bank to Steal Banking Credentials and Money
The first Economic Impact Payment scam is making the rounds online. In this scam, hackers impersonate a bank and try to steal account login credentials from victims in order to steal their money. The hackers use email and a spoof website to trick the victim into giving them baking credentials to verify their identity and release the funds. Handing the scammers your banking credentials will only result in losing any money that is in the bank account. This impersonation scam was spotted by cyber security company Abnormal Security.
Although this is the first reported Economic Impact Payment Scam, not doubt it is not the last. The Stimulus payment checks have not even been issued yet. Hacker are just warming up.
In this impersonation scam, the hackers are targeting Office 365 users with an email that contains links to a malicious website. The phishing email informs the reader their stimulus payment has been credited but that they must first “verify” their account details because the payment has been put on hold. The email impersonates a major financial institution and contains cloaked links to a spoof website. If the reader clicks on the login link, they are redirected to a malicious website that steals the login information. If the victim enters their bank account login information on the website it is sent to the hackers.
The Economic Stimulus Payments are part of the Coronavirus Aid, Relief, and Economic Security (CARES) Act. The new law supplies $376 billion of much needed relief for individuals and businesses.
Email subject line: Covid 19 Stimulus Payment
Email Body: Prompts reader to verify banking account credentials (see image)
Economic Stimulus Payments Scams – What You Need to Know
If the target of one of these phishing email follows the link to the hacker’s website and then enters banking credentials , they will compromise their bank account and most likely lose all money it in. Although this email is brief and well written, phishing emails often have misspellings and grammar errors in them.
- The official name of these $1200 payments to US citizens is Economic Stimulus Payment. Any supposed “official” communications that use names like “Stimulus Checks,” “Stimulus Payment,” “Coronavirus stimulus payment,” or other variations to describe the economic impact payment are not official government communications.
- The US Treasury will attempt to send your Economic Stimulus Payments via direct deposit. You do NOT need to verify any information with anyone or any bank to receive your money
- As of today, NO Economic Stimulus Payments have been sent to anyone – either by check or by direct deposit
- Be highly suspicious of any email, website, telephone call, text message of other that asks you to verify banking credentials or other personal information
- NEVER click on links in emails from people or businesses you don’t know
- Do not open or download unsolicited email attachments
- If the email is from a business you do know or have a relationship with, go to their website and login. Read communications directly from your bank’s website
US Treasury Warns Citizens of Inevitable CARES Scams
Just last week, the U.S. Department of the Treasury and the Internal Revenue Service (IRS) warned citizens that scams attempting to steal Economic Impact Payments were inevitable. Although, none has been reported just a few days, ago, there are several variations making the rounds online. The Coronavirus pandemic has brought out hackers and scammers like gangbusters. Numerous phishing email scams are circulating with malicious email attachments attempting to infect computers with malware. INTERPOL also reports that hackers are increasingly targeting hospitals and large healthcare organization with ransomware attacks.
CARES Act – PPP Loans
Another part of the CARES Act is the $349B Paycheck Protection Program (PPP) Loan. With this part of the stimulus package businesses can take a low interest loan to cover payroll, rent and other business expenses. When used for certain things like payroll, the loan may be converted to a grant. In a National Small Business Town Hall hosted by Inc. Magazine and the U.S. Chamber of Commerce on Friday 03 April, the panelists cautioned that scammers are likely to target small businesses by offering “assistance” getting moeny faster or by filing paperwork on behalf of the owner. Both of which may result in losing more money.
Michelle writes about cyber security, data privacy focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers