Share this article on:
A joint alert issued has been issued by the IRS, DHS’ Cybersecurity and Infrastructure Security Agency (CISA), and the Department of the Treasury to raise awareness of the risk of phishing and other cyberattacks related to the Coronavirus Aid, Relief, and Economic Security (CARES) Act.
The CARES Act has made $2 trillion available to support businesses and individuals adversely affected by the COVID-19 pandemic, which will help to reduce the financial burden through economic impact payments to eligible Americans. CARES Act payments are being used as a lure in phishing attacks to obtain personal and financial information and attempts have been made to redirect CARES Act payments. All Americans have been urged to be on the lookout for criminal fraud related to the CARES Act and COVID-19.
The U.S. Government reports that many cybercriminal groups are using stimulus-themed lures in phishing emails and text messages to obtain sensitive information such as bank account information. Financial institutions have been asked to remind their customers to practice good cybersecurity hygiene and to monitor for illicit account use and creation.
Criminals are using CARES Act-themed emails and websites to obtain sensitive information, spread malware, and gain access to computer networks. “Themes for these scams might include economic stimulus, personal checks, loan and grant programs, or other subjects relevant to the CARES Act. These CARES Act related cybercriminal attempts could support a wide range of follow-on activities that would be harmful to the rollout of the CARES Act.”
Threat actors may seek to disrupt the operations of organizations responsible for implementing the CARES Act, including the use of ransomware to interrupt the flow of CARES Act funds and to extort money from victims. Federal, state, local and tribal agencies are being urged to review their payment, banking, and loan processing systems and ramp up security to prevent attacks.
Foreign threat actors have been discovered to be submitting fraudulent claims for COVID-19 relief funds, with one Nigerian business email compromise (BEC) gang known to have submitted more than 200 fraudulent claims for unemployment benefits and CARES Act payments. The gang, known as Scattered Canary, has been submitting multiple claims via state unemployment websites to obtain payments using data stolen in W-2 phishing attacks. The gang has submitted at least 174 fraudulent claims with the state of Washington and more than a dozen with the state of Massachusetts. At least 8 states have been targeted to date.
The U.S. Government has been distributing threat intelligence and cybersecurity best practices to help disrupt and deter criminal activity and the U.S. Secret Service is currently focussed on investigative operations to identify individuals exploiting the pandemic to ensure they are brought to justice and any proceeds of the crimes are recovered.
The IRS has reminded taxpayers that it does not initiate contact with taxpayers via email, text message, or social media channels to request personal and financial information such as bank account numbers, credit card information, and PINs. The IRS has warned Americans that copycat domains that may be set up to obtain sensitive information and to carefully check any domain for transposed letters and mismatched SSL certificates. The IRS is only using is www.irs.gov and the IRS-run site, https://www.freefilefillableforms.com/.
All Americans have been advised to be vigilant and monitor their financial accounts for signs of fraudulent activity and to report any cases of phishing attacks and other scams to the appropriate authorities. They should also alert their employer if they feel they may have fallen for a scam and revealed sensitive information about their organization.
The alert, Avoid Scams Related To Economic Payments, COVID-19, can be viewed on this link.