WolkyTech

Stimulus Check Scams Can Steal Your Information — Avoid This Now

Security

Perhaps you have heard that there are millions of Americans who have not yet received their coronavirus crisis stimulus checks. Perhaps you are one of them. If so, you need to fill out a form on the IRS website to receive your money.

But don't be fooled by a new phishing scam that pretends to contain important news from the IRS. What it really is is simply an attempt to steal your password, social security number, and other important personal information.

Instead, read our article explaining why up to 9 million people have not yet been paid their stimulus checks; here is the real link to the IRS form you need to fill out to receive your check by November 21; here is the link to the IRS form you need to fill out to receive your check by November 21; here is the link to the IRS form you need to fill out to receive your check by November 21.

News of this stimulus check phishing scam comes from information security firm Armorblox.

"The wording and context of the email contained multiple emotional triggers to provoke the response needed by the victim," Anand wrote. The subject line of the email was "IRS Covid Relief Fund Update" and the sender's name was "IRS Covid Relief Funds." Citing the IRS is also an "authority" trigger that prompts prompt action from some people."

Email messages can be sent "by logging into the secure message center at ...... inviting you to click on a link to "review important updates about your Covid relief fund.

The link directs to a phishing page hosted from a real account on SharePoint, Microsoft's online document collaboration platform.

"The SharePoint account belonged to an employee of Reproductive Medicine Associates of Connecticut (RMACT). The attacker likely compromised this employee's account and exploited that SharePoint account for an IRS COVID relief phishing attack."

The phishing page was labeled "Microsoft Online Irs [sic] Covid Relief Funds Form" and included an email address, email account password, Social Security number and taxpayer ID (often the same), date of birth, driver driver's license number, and finally a field for the applicant's full name.

All of this information together is more than enough information to hijack your email account, take over other online accounts, open other accounts in your name, and completely steal your identity.

Armorblox's blog post does not say whether the phishing page has been removed or whether the legitimate owners of the compromised SharePoint accounts have been notified.

In any case, the phishing emails only arrived last week, and millions of people are still waiting for their stimulus checks.