Proofpoint closes acquisition of Tessian. Read More ->

Request a demo
Request a demo
Request a demo
Request a demo
Request a demo

Spotting the Stimulus Check Scams

Thursday, April 16th 2020
Spotting the Stimulus Check Scams

Tessian Cloud Email Security intelligently prevents advanced email threats and protects against data loss, to strengthen email security and build smarter security cultures in modern enterprises.

Since the US government announced that citizens who make less than $75K would receive $1,200 checks, we have found that there have been 673 newly registered domains related to the $2T stimulus package. 

Unlike the domains spoofing the U.S. Census that we discovered earlier this month, these URLs aren’t intended to mimic official government websites. Rather, these domains have been set up to take advantage of the stimulus package, using common questions or key words to lure users in such as whereismystimuluscheck.com or covid-19-stimulus.com

Where do these new domains go?

When we looked at the newly registered domains more closely, we found that nearly half of the newly registered domains hosted websites offer the following services:

  • Consultancy: helping people with the paperwork to get their checks
  • Calculators: asking users to enter their personal information, such as their age and address, to find out how much money they are entitled to
  • Donations: giving people the opportunity to donate their check to a Covid-19 related cause
  • Business loans

We also found that 7% of these spoofed domains were spam websites, with no clear call to action.

With hackers capitalizing on this global health crisis to launch targeted phishing scams, people need to be mindful of what information they share on these sites. 

The thing is that cybercriminals will always follow the money, looking for ways to take advantage of the fact people will be seeking more information or guidance on the stimulus package. Although not every domain registered in the last month may be malicious, it’s possible that these websites offering consulting and business loans could be set up to trick people into sharing money or personal information. 

Our advice? Always check the URL of the domain and verify the legitimacy of the service by calling them directly before taking action. 

Think twice about sharing your data

It’s also important to consider what data you are being asked to share via websites offering calculators or status checks, and what the websites offer after you have taken an action. Cybercriminals could use the information you shared to craft targeted phishing emails that include the ‘results’ of your assessment, tricking you to click on malicious links with the intention of stealing money, credentials or installing malware onto your device.

Earlier this week, the IRS launched a new online resource for citizens to check on their payment status. We anticipate that even more URLs will crop up as a result of this.

How to avoid potential scams

  • Think twice before sharing personal information to calculator websites. If it doesn’t look right, it probably isn’t 
  • Make sure the educational sites offering consultancy services are legitimate before sharing information or money. Always check the URL and, if you’re still not sure, verify by calling the company directly
  • Never share direct deposit details or your Social Security number on an unfamiliar website
  • Take care when sharing your email address and other personal information on websites like the calculator ones and question the legitimacy of the emails sharing your results before clicking on any links
  • Always use different passwords when setting up new accounts on these websites