US Tax Day has come and gone. Due to the COVID-19 pandemic, the US has delayed the filing deadline to July 15th. That is great news for many, and many taxpayers will additionally be eligible for the US New Economic Stimulus program. The Internal Revenue Service (IRS) is now issuing warnings to alert the US public about a flood of coronavirus-related scams over email, phone calls, or social media that request personally identifiable information (PII) while using the pandemic economic impact payments as a disturbing lure. This fraud wave, which leads to identity theft and tax-related fraud, uses the COVID-19 crisis to trick desperate individuals into sharing their sensitive PII in exchange for help to quicken their entitled COVID-19 economic impact payments. These unscrupulous scammers never seem to take a day off, and whenever possible they will take advantage of a disaster to selfishly benefit themselves.
The IRS will never contact you for the information they already have in their records. "We urge people to take extra care during this period. The IRS isn't going to call you asking to verify or provide your financial information so you can get an economic impact payment or your refund faster," IRS Commissioner Chuck Rettig said. "That also applies to surprise emails that appear to be coming from the IRS. Remember, don't open them or click on attachments or links. Go to IRS.gov for the most up-to-date information." Cyber threat analysts with Red Sky Alliance are currently tracking numerous variants of malware being used in conjunction with good old-fashioned social engineering and phishing campaigns. In politics there is a saying that you should never let a disaster go to waste. Well, the same holds true with criminal behavior.
The COVID-19 economic impact payments are going to be distributed within the next few weeks, even though scammers will promise to get them deposited in your bank account a lot faster, as United States Attorney for Eastern Kentucky Robert M. Duncan explained in a US Department of Justice March 2020 press release and reinforced through many federal partners like US SEN. J. Shaheen, D-NH. Most of the eligible Americans will have the funds sent as a direct deposit into their bank accounts per the US Department of the Treasury, while those without direct deposit capabilities will receive the approved $1,200 economic impact payments via paper check.[1] The scammers, attempting to exploit taxpayers' hardship caused by the COVID-19 pandemic and playing on their anxiousness to receive already approved payments, try to get them to 'verify' the information needed for the money to be deposited. This stolen information will be used later by the crooks to file false tax returns as part of identity theft schemes. "Because of this, everyone receiving money from the government from the COVID-19 economic impact payment is at risk," US Attorney Duncan warned.
Retired US citizens are the most exposed to these scams and are reminded by the IRS that it will not ask them for info related to the coronavirus economic impact payment by phone, email, mail or in person; again, it already has the information and does not need to verify any of it. If you have older relatives, please speak to them as soon as possible about not sharing any PII with any caller or in response to any email or USPS request. Scammers use a wide variety of tactics to trick people into sharing their personal or financial information, with some of them potentially attempting to:
- Emphasize the words "Stimulus Check" or "Stimulus Payment." The official term is economic impact payment.
- Ask the taxpayer to sign over their economic impact payment check to them.
- Ask by phone, email, text or social media for verification of personal and/or banking information saying that the information is needed to receive or speed up their economic impact payment.
- Suggest that they can get a tax refund or economic impact payment faster by working on the taxpayer's behalf. This scam could be conducted by social media or even in person.
- Mail the taxpayer a bogus check, perhaps in an odd amount, then tell the taxpayer to call a number or verify information online in order to cash it.
Taxpayers should under no circumstances share their banking information with others when asked to provide it by any party. "Those taxpayers who have previously filed but not provided direct deposit information to the IRS will be able to provide their banking information online to a newly designed secure portal on IRS.gov in mid-April," the IRS said.
Detailed and official info on the COVID-19 economic impact payments is available on the IRS.gov Coronavirus Tax Relief page, including who is eligible and how the IRS will know where to send the payments.
Taxpayers who have been or will be targeted by fraudsters with Coronavirus-related or other types of phishing attempts via unsolicited emails, text messages, or social media are urged by the IRS to report them to phishing@irs.gov.
Red Sky Alliance has been analyzing and documenting cyber threats for 8 years and maintains a resource library of malware and cyber actor reports.
The installation, updating and monitoring of firewalls, cyber security and proper employee training are keys to blocking attacks. Please feel free to contact our analyst team for research assistance and Cyber Threat Analysis on your organization.
What can you do to better protect your organization today?
- All data in transmission and at rest should be encrypted.
- Proper data back-up and off-site storage policies should be adopted and followed.
- Update disaster recovery plans and emergency procedures with cyber threat recovery procedures.
- Institute cyber threat and phishing training for all employees, with testing and updating.
- Recommend/require cyber security software, services and devices to be used by all at home working employees and consultants.
- Review and update your cyber threat and information security policies and procedures. Make them a part of all emergency planning and training.
- Ensure that all software updates and patches are installed immediately.
- Enroll your company/organization in RedXray for daily notifications of cyber threats directed at your domains. RedXray service is $500 a month and provides threat intelligence on nine (9) cyber threat categories including Keyloggers, without having to connect to your network.
- Purchase annual cyber insurance coverage from Red Sky Alliance provided by Cysurance.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or feedback@wapacklabs.com. Interested in a RedXray demonstration or subscription to see what we can do for you? Sign up here: https://www.wapacklabs.com/redxray
Reporting: https://www.redskyalliance.org/
Website: https://www.wapacklabs.com/
LinkedIn: https://www.linkedin.com/company/wapacklabs/
Twitter: https://twitter.com/wapacklabs?lang=en
[1] https://www.bleepingcomputer.com/news/security/irs-warns-of-surge-in-economic-stimulus-payment-scams/