On Thursday, March 11, 2021, the President signed into law what is officially known as the American Rescue Plan (also known informally as the COVID relief bill.) This $1.9 TRILLION bill will provide direct payments to individuals and families, expanded unemployment assistance, healthcare subsidies, aid to state & local governments, schools, child care facilities, businesses & non-profits and a wide array of tax credits.
So what does this have to do with email security? Quite a lot, actually. As with past stimulus bills, email scammers will be looking to make a quick buck by tricking individuals and businesses out of their desperately-needed financial aid. Phishing emails are already hitting mailboxes across the country.
We wanted to point out some potential scams to look out for in the coming days & weeks specific to this new relief bill. Of course, this comes on top of all the scams associated with the recent Hafnium attack and the still-lingering SolarWinds attack.
The stimulus bill includes a number of provisions for small businesses, including over $7B in forgivable loans through the Paycheck Protection Program (PPP). We expect scammers to focus their efforts heavily on small businesses with an array of phishing emails claiming to offer assistance with applying for the PPP loans, fake PPP portal webpages that claim to be able to track the status of PPP loan requests and the like. Please be sure to use the official PPP webpage on the US Small Business Administration website here.
The bill also includes $28.6 Billion in grants for restaurants, bars and other eligible providers of food and drink, including $5 Billion that is earmarked for small restaurants (those making under $500K in revenue annually.) As with the PPP loan program, we anticipate that bars and restaurants will be heavily targeted with phishing emails.
In addition to small business assistance, the bill also includes $14 Billion to airlines and $8 Billion for airports. While companies in this space are typically larger and have more sophisticated security defenses, they must remain vigilant in their efforts and train their employees (many who have been furloughed for weeks or months) to have a healthy distrust for any emails they receive.
The White House announced that individual stimulus checks would be hitting the bank accounts of tax filers using direct deposit as early as the weekend of March 13-14 and continue until all payments were made. Phishers will no doubt use both wide-spread email attacks as well as hyper-focused spear phishing attacks to con you out of your stimulus funds.
With covid vaccines becoming increasingly available and the funding from this new stimulus bill providing a much-needed boost to so many, it is easy to get distracted with thoughts of returning to normal life. Please remain alert to email phishing scams during these exciting times!