The Internal Revenue Service (IRS) has started sending out stimulus checks of up to $1,200 (£960), and some 80 million Americans should have their money in the bank right now. That’s the good news. If you are among the 70 million still waiting, then you may well be worrying about why that is.
This is where things start getting problematical.
Stimulus check anxiety puts you firmly on the radar of cybercriminals and fraudsters who would separate you from any money you are entitled to, and more. Both Google and the IRS are doing their bit to ensure this doesn’t happen, but you also need to play your part if you want to ensure your stimulus payment stays in your bank account.
Why haven’t you already got your economic impact payment?
There are many reasons why you may not be among the 80 million Americans who were set to receive their stimulus check, by direct bank deposit, this week. As the Washington Post reported April 16, “several million people” who had filed taxes through tax preparation services had not got their payments owing to the IRS not having their direct deposit information on file. That report suggested that as many as 21 million people could be affected. Other reasons include not filing a tax return at all, filing one recently and technical glitches. All of which is like manna from heaven to cybercriminals, keen to exploit any fear, uncertainty, and doubt regarding payment of stimulus checks. Throw in predictions that there could be a second stimulus check, potentially a monthly recurring payment, and the opportunity to defraud increases further.
Where does Google enter the equation?
With something in the region of 1.5 billion users, the Google Gmail email system is highly likely to be used by many of those waiting for their stimulus check to arrive. Email is route one as far as cybercriminals are concerned when perpetrating a fraud on a massive scale. While telephone calls can be profitable, they are time-consuming and need to be highly targeted to succeed. Email scams are the complete opposite: most phishing campaigns send out vast numbers of messages and rely upon a relatively small percentage of recipients to get caught out to make their money. Not that there aren’t highly targeted email campaigns as well, of course, and these are known as spear phishing. The latter will likely be more believable as the criminal will be relying upon personal information, targeted data, to trigger the trust that leads to link clicking and the fraud itself. By impersonating the IRS, or your bank, these scams try to trick recipients into visiting a realistic-looking site where account details “need” to be verified for the stimulus check to be released. But it doesn’t stop there; broader phishing campaigns are sending out what appear to be genuine offers from tax consultancy firms that offer assistance to those waiting for their payment. These will often link to websites where personal and account information is required to be entered, which have been registered with likely sounding domains so as to engender trust in the victim further. Which brings us back to how Google is helping to minimize the risk of getting caught in these fraudulent traps. Back in 2017, Google announced it was introducing machine learning (ML) models, a form of artificial intelligence, to prevent spam and phishing messages from ever reaching user inboxes. With a 99.9% claimed success rate, these ML tools are working overtime today.
On April 16, Google published details of how many COVID-19 related phishing and malware emails it was catching and blocking on a daily basis. The surprising number was 18 million. That’s just the malicious and fraudulent stuff and doesn’t include the 240 million related spam emails being blocked every day as well. Among the 18 million fraudulent emails being blocked, with a continued success rate of 99.9% according to that Google report, are scams attempting “to capitalize on government stimulus packages,” by imitating government institutions. Google said it has “put proactive monitoring in place for COVID-19-related malware and phishing across our systems and workflows.” Not that this means you can breathe easy, just perhaps a little easier than if Google wasn’t catching so much of the threat.
The IRS has also got your back
Earlier this month, the IRS issued a formal warning about Coronavirus-related scams, with specific attention paid to those frauds that are connected to stimulus payments. The IRS reminded taxpayers, by way of some essential scammer mitigation advice, how to spot the fraudsters.
This advice includes watching out for emails that emphasize either “stimulus check” or “stimulus payment” as neither are terms used by the IRS itself. Instead, it would use the official terminology of economic impact payment. Not that this in itself indicates trust. Any email requiring some form of personal, tax or banking account verification to receive your stimulus check payment is another red flag, as is suggesting that they can get your money quickly if you use their services. There have even been cases where bogus physical checks have been sent in the mail and followed up with emails informing the recipient they need to verify account information online, or by calling a specified telephone number, in order for it to be cashed.
Finally, and perhaps most importantly considering any concern over delays in receiving your stimulus payment, the IRS has set up an official economic impact payments site. This is the only safe place for filers to get information about their payment, and non-filers to enter payment information. Do not click on a link in any email that purports to be from the IRS, or your bank, but instead enter the web address manually (hover over the IRS link above and the address will be revealed) to be sure you are not being directed to a fraudulent site.