On March 18, the federal government signed into law a roughly $2 trillion stimulus package, the CARES Act, aimed at helping the U.S. economy recover from the impacts of the coronavirus pandemic.
Americans and businesses alike have received some level of relief in subsequent weeks. But plenty of questions have popped up, too.
Individuals and families earning below a certain income threshold were promised relief checks. But how would the payments be fulfilled? Administrators scrambled to execute quickly on the relief measures, but people weren’t sure where to find reliable information. Financial institutions, as well as the IRS, hastily launched websites to answer common queries. But many questions weren’t addressed. And in many cases, people couldn’t connect with customer support to receive the answers they needed.
Even the IRS’ “Get My Payment” tool, which allows Americans to track their payments, has left tens of thousands of Americans with the dreaded “Payment Status Not Available” warning. Many have been left wondering why.
This frustrated, confused and sometimes desperate portion of the U.S. population has become a prime target for cyber scammers. And security professionals have been trying to prepare people for the kinds of malicious activity they’re likely to encounter.
Cyber threat researchers have uncovered a number of stimulus scams, most of which look similar to phishing efforts that happen over the annual tax season. Social engineers are launching websites that impersonate large financial institutions, claiming to have an individual’s stimulus check and asking for account details to release it. These phony sites are paired with phishing emails or posts that draw the mark in.
These researchers say that, so far, the stimulus phishing scams have been widely successful. This success underlines an important reality about cybersecurity that should never be overlooked: Human vulnerabilities are just as important to address as technical ones. In fact, considering that a majority of data breaches originate from an internal source (e.g. an employee inadvertently leaking data), these vulnerabilities are perhaps even more vital to acknowledge and deal with.
If you’re an employer responsible for training your staff in privacy and security matters, get some help from the pros. For more information about how Lunarline can help, contact us today.