FBI’s Internet Crime Complaint Center (IC3) today warned of an ongoing phishing campaign delivering spam that uses fake government economic stimulus checks as bait to steal personal information from potential victims.
“Look out for phishing emails asking you to verify your personal information in order to receive an economic stimulus check from the government,” IC3’s alert says.
“While talk of economic stimulus checks has been in the news cycle, government agencies are not sending unsolicited emails seeking your private information in order to send you money.”
The FBI issued another warning about a phishing scam impersonating the Internal Revenue Service (IRS) in 2008 and trying to steal tax payers’ personal information using economic stimulus checks as bait.
CDC and WHO impersonators exploit the COVID-19 pandemic
Similar campaigns might also ask potential victims for donations to various charities, promise general financial relief and airline carrier refunds, as well as try to push fake COVID-19 cures, vaccines, and testing kits.
Other active phishing attacks are also taking advantage of the COVID-19 pandemic to infect victims with malware and harvest their personal info via spam impersonating the Centers for Disease Control and Prevention (CDC) and other similar organizations like the World Health Organization (WHO).
The FBI also says that scammers are also trying to sell products claiming to prevent, treat, diagnose, or cure the COVID-19 disease, as well counterfeit sanitizing products and personal protective equipment (PPE), including but not limited to N95 respirator masks, gloves, protective gowns, goggles, and full-face shields.
Possible types of COVID-19-themed scams and attacks as highlighted by U.S. Attorney Andrew Murray:
• Individuals or businesses selling fake cures for COVID-19.
• Online offers for vaccinations and test kits.
• Phishing emails or texts from entities posing as the World Health Organization (WHO) or the Centers for Disease Control and Prevention (CDC).
• Malware inserted in mobile apps designed to track the spread of COVID-19 that can steal information stored on devices.
• Malicious COVID-19 websites and apps that can gain and lock access to devices until a ransom payment is made.
• Solicitations for donations to fake charities or crowdfunding sites.
Phishing and scam defense
To avoid getting scammed by fraudsters, infected with malware, or have your personal information stolen, IC3 recommends not clicking on links or open attachments sent by people you don’t know and to always make sure that the websites you visit are legitimate by typing their address in the browser instead of clicking hyperlinks.
You should also never provide sensitive information like user credentials, social security numbers, or financial data when asked over email or as part of a robocall.
Microsoft today also shared a list of measures to protect against coronavirus-themed phishing attacks including keeping software up to date, using an anti-malware solution and an email service with phishing protection, as well as enable multi-factor authentication (MFA) on all accounts.
U.S. attorneys and federal prosecutors fight COVID-19 fraud
The FBI was joined this week by the Federal Trade Commission (FTC) and attorney generals and federal prosecutors (1, 2, 3, 4, 5, 6) across the US to investigate and fight against coronavirus-themed phishing and scams.
Warnings of increased malicious activity attempting to capitalize on the COVID-19 outbreak to infect their devices with malware, steal their sensitive info, and scam them.
“In a time of high stress and fear it is critical that for the public to know that law enforcement at all levels remains dedicated to protecting them from harm – whether it is from scams, frauds or violent crime,” U.S. Attorney Brian T. Moran said.
“As Attorney General Barr has directed, we will remain vigilant in detecting, investigating and prosecuting wrongdoing related to the crisis. To those who are engaged in perpetrating these schemes, you are on notice that my office will aggressively pursue you and hold you to answer for preying on our communities.”
“The pandemic is dangerous enough without wrongdoers seeking to profit from public panic and this sort of conduct cannot be tolerated,” Attorney General William Barr added in a communication to the U.S. attorneys.
U.S. Attorneys all over the states have also announced the appointment of federal prosecutors to coordinate and lead investigations and prosecutions of fraudsters trying to take advantage of people during the COVID-19 pandemic.
The European Commission, CERT-EU, ENISA, and Europol have also issued a statement today (1, 2, 3) about a joint mission to track and defend remote workers from coronavirus-themed malicious activities.
Coronavirus cure scams can be reported to the Federal Trade Commission (FTC) at https://www.ftccomplaintassistant.gov and any other suspicious activity, fraud, or attempted fraud to the FBI’s Internet Crime Complaint Center at https://www.ic3.gov.