DoJ and IRS Warn Taxpayers of Potential Scams in Relation to COVID-19 Economic Impact Payments

April 14, 2020

Recently, the U.S. Attorney’s Office for the Western District of Louisiana and the Internal Revenue Service – Criminal Investigation (IRS-CI) cautioned taxpayers of the opportunity for criminals to steal economic impact payments through various means of deception.

The Coronavirus Aid, Relief, and Economic Security Act (CARES Act) was signed into law on March 27, 2020. Under the CARES Act, millions of Americans will start to receive COVID-19 economic impact payments from the IRS in the upcoming weeks. For most Americans, this one-time direct payment will be delivered primarily through direct deposit into their bank account.

Criminals have already begun deceiving taxpayers through unsolicited phone calls, emails, text messages or phishing attacks purporting to be from the IRS in attempts to steal these payments, says the DoJ. Scammers are also trying to get taxpayers to sign their checks over to them through various means. Everyone receiving money from the government as a result of the COVID-19 economic impact payment is potentially at risk.

Hank Schless, Senior Product Marketing Manager at Lookout, says, “This is not the first time that small businesses have been targeted by malicious actors. In late 2019, a phishing campaign was discovered by Lookout PhishingAI that impersonated local government websites including the City of Tampa, the City of San Mateo, and Dallas County. The goal of these targeted campaigns, including any related to coronavirus, is to steal personal information such as Tax IDs, Social Security numbers and banking information."

"In order to avoid these attacks, always look for a ".gov" at the end of the email or website, as that URL ending is reserved only for validated government bodies," adds Schless. "Additionally, small businesses should always validate communication from the government regarding relief loans. If the communication is not from a .gov, call the agency in charge and ask if they sent the message. If you are on a mobile device, always check the full URL, as mobile browsers shorten them, before clicking on it or submitting any information in a form.”

Alex Guirakhoo, Strategy and Research Analyst at Digital Shadows, notes that, “Phishing attacks are one of the most common forms of social engineering. Cybercriminals are well aware of the fears and uncertainties many small businesses are currently facing with the COVID-19 pandemic. As a result, COVID-19-related phishing lures have been incredibly common over the past few months as cybercriminals attempt to capitalize on the social and economic disruption caused by the pandemic. With shelter-in-place orders now being implemented across the globe, many organizations have had to adapt their business models to allow for employees to work from home. For organizations with a strong remote work culture, this has been relatively straightforward. But for others, particularly small businesses in sectors where remote work comes less naturally, this has been more challenging. With teams now working physically distant from one another, using new communications platforms they often have little experience with, the risk of falling victim to social engineering attacks has become greater. "

"Promoting a strong sense of security culture, while always relevant, is now more important than ever before. Small businesses should ensure their employees are aware of some of the more common phishing lures. Emails that claim to offer COVID-19 infection maps, contain important government alerts, or offer deals on medical equipment that seem too good to be true should raise suspicions, especially when sent from unknown, external sources. Individuals should never give away their personal or sensitive corporate information to an unsolicited email, and should always be wary of emails that contain suspicious documents or URLs. If possible, small businesses should ensure that their employees have a clear and simple path to report potentially malicious emails. This is particularly important now that employees are physically separated from their security teams," says Guirakhoo.

Rui Lopes, Engineering and Technical Support Director at Panda Security, says, “In the midst of a worldwide pandemic, criminals are seeking to profit from the plague and small businesses are particularly at risk. Whether it’s through social engineering, robocalls, or email phishing, there are false claims circulating about how to receive federal coronavirus relief loans. Don’t be duped; never respond to pre-recorded phone call messages, carefully check the email addresses and content of emails promising anything, and be wary of anyone claiming to be from a bank, should they attempt to contact you. When in doubt, if it seems too good to be true, it probably is. Independently verify any information not by clicking on provided links, but through navigating to official websites on your own.”

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.