11 Sep Avoid scams related to economic payments
The U.S. Government continues to encounter instances of criminals using stimulus-themed emails and text messages to trick individuals into providing personally identifiable information and bank account details.
We expect, at a minimum, criminals to use CARES Act-related and/or -themed emails or websites to trick financial institutions and their customers into providing criminals with personal or banking information or access to computer networks. Themes for these scams might include economic stimulus, personal checks, loan, or grant programs.
Countering these threats:
The U.S. Government and international partners have increased their distribution of threat intelligence and best practices to industry and local governments to achieve the immediate effect of disrupting and deterring this criminal activity. See the CISA and the United Kingdom’s National Cyber Security Centre (NCSC) alerts on COVID-19 Exploited by Malicious Cyber Actors and APT Groups Target Healthcare and Essential Services for more information.
The USSS is focusing its investigative operations on ensuring that those who seek to exploit this pandemic are brought to justice and that the proceeds of their criminal activity are recovered; these investigations will include actions over the near term, but also in the coming months and years to hold criminals accountable and recover assets.
See the Secret Service’s alert on phishing during COVID-19, and guide to identifying a legitimate stimulus check.
Understand how the IRS communicates electronically with taxpayers.
-The IRS does not initiate contact with taxpayers by email, text messages, or social media channels to request personal or financial information.
-This includes requests for personal identification numbers (PINs), passwords, or similar access information for credit cards, banks, or other financial accounts.
-The official website for the IRS is www.irs.gov though some stimulus recipients may also need to use this IRS- run site, https://www.freefilefillableforms.com/. Beware of similar domain names and mismatched SSL certificates.
-Navigate to the official site from https://www.irs.gov/coronavirus/non-filers-enter-payment-info- here to avoid mistyping the domain name.
Take action to avoid becoming a victim.
If you believe you might have revealed sensitive information about your organization or access credentials, report it to the appropriate contacts within the organization, including network administrators. They can be alerted for any suspicious or unusual activity.
Watch for any unexplainable charges to your financial accounts. If you believe your accounts may be compromised, contact your financial institution immediately and close those accounts.
If you believe you might have revealed sensitive account information, immediately change the passwords to those accounts. If you used the same password for multiple accounts, make sure to change the password for each account and do not use that password in the future.
Report suspicious phishing communications.
Email: If you read an email claiming to be from the IRS, do not reply or click on attachments and/or links. Forward the email as-is to firstname.lastname@example.org, and delete the original email.
Website: If you find a website that claims to be the IRS and suspect it is fraudulent, send the URL of the suspicious site to email@example.com with the subject line, “Suspicious website.”
Text Message: If you receive a suspicious text message that claims to be from the IRS, do not reply or click on attachments and/or links. Forward the text as-is to the IRS at 202-552-1226 (standard text rates apply), and then delete the original message (if you clicked on links in SMS and entered confidential information, visit the IRS’s identity protection page).
If you are a victim of any of the above scams involving IRS impersonation, please report to firstname.lastname@example.org, and file a report with the Treasury Inspector General for Tax Administration, the Federal Trade Commission, and the police. To report a crime, contact your local Secret Service field office: https://www.secretservice.gov/contact/field-offices/.