
CARES Act Recovery Rebates Open Doors for Scammers and Hackers

April 2, 2020

Last week, President Trump signed the Coronavirus Aid, Relief, and Economic Security (CARES) Act. One of the highlights of this act is the Recovery Rebates to be paid to individual taxpayers. The rebate amounts are advance refunds of credits against 2020 taxes, and equal to $1,200 for individuals, or $2,400 for joint filers, with a $500 credit for each child under the age of 17. The amount of each rebate is phased out by $5 for every $100 in excess of a threshold amount based upon the taxpayer's 2018 adjusted gross income (unless a 2019 return has already been filed). View our recent article on the individual provisions of the CARES Act here.

On Sunday, Treasury Secretary Steven Mnuchin said that taxpayers who have direct deposit information on record with the IRS could expect to see the rebates in their bank accounts within three weeks. For those without current direct deposit information on file, the IRS will be creating a web-based system for people to upload their information to expedite payment of the rebates.

While this act provides a welcome respite for many Americans, it is even better news for scammers and hackers looking to make a quick buck on the backs of unsuspecting taxpayers. To help you protect yourself from such scams, we have prepared the following Frequently Asked Questions:

I am a taxpayer with direct deposit information on file with the IRS. What do I need to do?

Nothing. Your Recovery Rebate should be deposited to you directly from the IRS. You should not receive any communications (via email or telephone) from the IRS for any reason. Treat any such communications as suspicious.

I am a taxpayer without direct deposit information on file with the IRS. What do I need to do?

In the coming weeks, Treasury plans to develop a web-based portal for individuals to provide their banking information to the IRS online, so that individuals can receive payments immediately as opposed to checks in the mail. Citrin Cooperman will circulate more information regarding the web-based portal when it is communicated by the IRS. In the meantime, you should not receive any communications (via email or telephone) from the IRS for any reason. Treat any such communications as suspicious.

I am a taxpayer with direct deposit information on file with the IRS, but the bank account number has changed. What do I need to do?

In the coming weeks, Treasury plans to develop a web-based portal for individuals to provide their banking information to the IRS online, so that individuals can receive payments immediately as opposed to checks in the mail. Citrin Cooperman will circulate more information regarding the web-based portal when it is communicated by the IRS. In the meantime, you should not receive any communications (via email or telephone) from the IRS for any reason. Treat any such communications as suspicious.

If I receive a suspicious email, how can I tell if it’s real or not?

Hackers are becoming more and more creative with their phishing attacks, making fraudulent emails harder and harder to detect. When you receive an email requesting sensitive information or asking you to click on a link or open an attachment, consider the following:

  • Do not open email attachments from a sender you do not know.
  • Did you expect this email from this sender at this time? If not, consider calling the sender to confirm the legitimacy of the email or delete the email.
  • Hover before you click on a link to confirm that the displayed URL matches the destination URL you were expecting.
  • Typically, the IRS and financial institutions will never send you an email or call you asking you to provide sensitive information (passwords, social security number, banking information, etc.). Delete these emails immediately or call the sender directly to confirm legitimacy of the email. When calling the sender, DO NOT use the phone number in the email.

I opened an email and think I may have exposed sensitive information. What should I do now?

  • Change your password, now!
    Choose long and complex passwords for your computer and change them periodically throughout the year. Avoid the obvious, like birthdays, pet names, mom’s maiden name – these are easy for an attacker to ascertain.
  • Report the incident to your email provider.
    Your email provider is familiar with these types of incidents and may be able to provide further details about the nature and source of the attack, including any tools they may have available to protect your information and get you back up and running.
  • Tell your friends.
    Let friends and key contacts know that you have been compromised and to be on high alert when receiving and opening emails from your email address.
  • Scan your computer with an updated anti-virus program.
    Run a full scan to identify and eliminate any and all viruses, spyware or malware that it discovers. If you don’t have a new and sophisticated security software program, now is the time to invest in one.
  • Review your personal email settings.
    Make sure the bad guys haven’t created forwarding email addresses. If they have and you find them, delete them at once! Also, pay close attention to your signature block and make sure it’s really yours. The hackers may have included some malicious links there too.
  • Change passwords or security questions for other sites.
    Get into the habit of changing your passwords frequently, and don’t keep the same passwords for all of your online profiles (especially any financial websites you visit). If it is too burdensome to manually administer your passwords, consider using a password management application.
  • Monitor!
    You won’t know what information the hackers were able to find, so keep a close eye on your credit report and your online banking accounts. You might also wish to contact the fraud department of one of the big three credit reporting agencies and have a fraud alert put on your file.

If you have questions or concerns related to protecting your sensitive information or think you have had data exposed, please contact Michael Camacho at mcamacho@citrincooperman.com or 401.567.2126.