Cybercriminals are adding to the stimulus check drama

If you’re still waiting for your stimulus check, you’re not alone.

And you’re especially vulnerable to getting scammed in a cyberattack, as the federal payments are one of the latest forms of bait used by cybercriminals during the COVID-19 crisis, says Anahi Santiago, ChristianaCare’s chief information security officer.

In March, when the coronavirus was declared a pandemic and U.S. states started ordering lockdowns, Atas VPN analyzed the Google data and found that the number of phishing websites spiked 350% compared to January 2020.

There’s no sign of cyber crimes slowing since then, especially as economic stress sets in on top of anxiety over the virus.

“We’ve definitely seen an increase in attacks across the board that are leveraging not only the COVID topic as a way to lure people to [scam] websites,” Santiago told Technical.ly. “I think everybody’s really starving for information and seeking information from wherever they can. It’s an attractive lure and target for cyber criminals.”

Earlier in the pandemic, most cyber scams involved anxiety about the virus itself — phishing emails disguised as health alerts, for example. Now with the CARES Act and the not-exactly-smooth process of getting federal aid into the hands of the majority of American individuals and small business owners, there has been an increase in attacks using the stimulus checks as leverage, through phone calls, emails and websites purporting to have info on checks for financial gain. (The only one you should be giving information to for information about your check is the IRS via its “Get My Payment” tool.)

“We see a spike in cyber crimes during tax season, we see it during Christmas shopping season,” said Santiago. “There’s just such a bigger expansion of opportunity here.”

Another area cybercriminals are exploiting? The huge increase in people who are currently working at home.

“Folks are using video platforms as a way to communicate,” she said. “Zoom has been in the news a lot, but they’re not the only one. Folks are using WebEx, Teams and other platforms that are increasingly becoming attack vectors. People will jump on these chats and create disruption. We’re not seeing too many where the attackers are actually listening in to steal information, but I think we’ll probably hear about those types of attacks in the near future.”

What can you do to protect yourself? Santiago says her advice is the same advice she gives to ChristianaCare employees: “Treat anything [you] deem as suspicious as suspicious.”

ChristianaCare’s email system allows employees to easily report suspicious emails with one click, but if you get a suspicious email at home, the best thing to do is to go directly to the website of the organization or company the suspicious email claims to be from, where you can often report it via its Privacy & Security page, usually linked at the bottom of the homepage, or Contact page.

“In terms of knowing the threats, I would point folks to the Department of Homeland Security’s cybersecurity resource,” Santiago said.