New data from security firm Tessian found that 673 domains related to the $2T stimulus package have been registered since the U.S. government announced on March 19 it would issue checks.
The domains use common questions or keywords (such as whereismystimuluscheck or COVID-19-stimulus), banking on the fact that many will prioritize convenience over security while seeking out stimulus information. Given the recent launch of a new IRS website that helps Americans track or submit for stimulus checks, Tessian is releasing this domain info since a spike in IRS website searches and traffic regarding stimulus checks is expected.
“Cybercriminals will always follow the money and look for ways to take advantage of the fact people will be seeking more information or guidance on this scheme. Although not every domain registered in the last month may be malicious, it’s possible that these websites offering consulting and business loans could be set up to trick people into sharing money or personal information. Always check the URL of the domain and verify the legitimacy of the service by calling them directly before taking action.
“It’s also important to consider what data you are being asked to share via websites offering calculators or status checks, and what call to action the website is offering after. Cybercriminals could use the information you shared to craft targeted phishing emails that include the ‘results’ of your assessment, tricking you to click on malicious links with the intention of stealing money, credentials or installing malware onto your device.” – Tim Sadler, CEO and co-founder, Tessian
Further detail on Tessian’s analysis and advice can be found here
Key findings from Tessian’s analysis (Domains registered between March 17-April 13)
- 25% of the stimulus-related domains were educational, featuring experts resources such as consultants, lawyers or blogs to help with paperwork
- 10% of the domains offered a calculator tool for citizens to enter details to determine their eligibility to receive the stimulus check, which may require them entering their salary, address or other personal information
- 7% of the domains were spam websites with no clear call to action
- 7% of the domains were aimed at giving people the opportunity to donate their check to a Covid-19 related cause
- 7% of the domains offered loans to businesses as they weather the pandemic