COVID-19 Economic Relief Increases Risk of Identity Theft & Fraud

Summary

As a result of the COVID-19 pandemic, millions of people are receiving economic relief, including unemployment benefits, economic stimulus funds, accelerated payments, and obligations and contract awards. Additionally, there has been an increase in data breaches, access to stolen identities and fraud handbooks from dark web markets, phishing attacks, impersonations, deep fake voice spoofing, and malware attacks to brute force into vulnerable IT systems. The combination of economic relief opportunities and malicious cyber activity can provide threat actors with the ability to engage in fraudulent behavior that allows them to intercept these benefits via the identification verification process, application filing, or information updates, including the Internal Revenue Service (IRS) website used to collect bank account information of non-filers of tax returns.

Recommendations

The NJCCIC recommends users update to strong passwords for all accounts, enable multi-factor authentication where available, keep all software and hardware updated, exercise caution with unexpected or suspicious emails and other communications, and refrain from sharing personal or financial information without verifying the requestor. Organizations are encouraged to adopt a defense-in-depth cybersecurity strategy, apply the principle of least privilege, and establish a comprehensive data backup plan. More information can be found in the Nextgov article.