Because cybercriminals love to target victims where money is directly involved, security experts are anticipating a massive uptick in Stimulus-related scams.
We recently wrote about some initial scams attempting to exploit the just-passed Stimulus Package to trick users into opening up and enabling malicious content within phishing emails. But security researchers at FireEye are expecting to see a lot more phishing campaigns and social engineering scams revolving around Stimulus checks, business loans, and unemployment compensation.
Quite frankly, so am I.
Think about it – one of the fundamental components of a good phishing scam is to create a sense of urgency. And, in a lot of cases, people need the financial assistance established in the Stimulus Package in any of its available forms. The urgency is there… and in copious amounts.
Scams can take the form of those that we’ve seen and FireEye has documented, which mostly fall into the traditional malicious-attachment methods of infection. But it’s conceivable for scams to use impersonation to make victims believe their bank, the IRS, or some other branch of the U.S. Government needs to “verify” their banking details, to ask them to log on to their bank to initiate an immediate transfer, etc. Since not a single U.S. citizen has ever gone through this before, campaigns that claim to be legitimate, and are believed to be, can easily convince phishing targets that “this is the way” to get their stimulus monies.
Educate your employees with Security Awareness Training – they need to be taught about these types of scams – regardless of whether the theme is COVID-19, an outstanding invoice, a package delivery, or any of a myriad of other stories told.
The checks are in the mail, as they say. But remember, the bad guys like free money just as much as you do – and are willing to take it from you, that is, if you let them.