Experts warn of ‘smishing’ scams using stimulus news to trick people into enrolling in fake COVID relief programs.
As the U.S. waits for another potential round of stimulus checks, scammers are out there *smishing.* That is, using text messages to try to steal people’s information and money.
“It says, ‘Karen, you have been accepted for our COVID relief program, you are now eligible to earn $1,472 dollars a day,'” said Karen Manning to Newsy’s partner KSHB. “It makes me mad to think about somebody using that to get money out of people.”
“Look at the attackers as like very smart direct marketers. They go with the zeitgeist. They go with what’s happening in the media, what consumers are hearing,” said Jacinta Tobin, vice president of Cloudmark Operations at Proofpoint.
“They’re throwing the numbers in these text scams to be very similar to the numbers that the government is promising to get stimulus checks out on. So they are iterating their attacks and they are crafting their messaging to take advantage of the situation,” said Neil Daswani, co-director of Stanford University’s Advanced Security Certification Program.
According to the Federal Trade Commission, there’s been more than $348 million in COVID-related fraud loss since the start of the pandemic, with roughly $30 million of that coming through text and phone call scams.
Experts told Newsy they expect smishing scams to continue through the pandemic, but that the messaging will shift.
“What we predict, actually, is that there will be a joint IRS tax return and COVID relief smishing happening. One potential example would be that an attacker would say, ‘Get your COVID stimulus payment now before the IRS takes it in a tax bill,'” said Tobin.
“As more vaccination centers start opening up, then I wouldn’t be surprised if the cyber criminal community starts sending out messages saying, ‘Oh, you can now get the vaccine,'” said Daswani.
If you get any messages like these, experts say you should look at the content of the message and think through before clicking on any link.
“The way that the government will get you COVID relief is by direct deposit to your bank account or via a check in the mail. The government’s not or shouldn’t send out text to you,” said Daswani.
They also say you should block the number of the scammers, copy the text and forward it to 7726, which spells SPAM.
“All the U.S. operators use that to block attacks. They leverage that information to put in filters to block those attacks,” said Tobin.
“If some of us just go ahead and block the contacts, then that gives the carriers enough information so that they can take steps to not only block that particular scam, but also analyze the forensics of it in detail and build more defense into the automated detection mechanisms as well,” said Daswani.