Social media has been flooded with posts of people excitedly sharing screenshots of their coronavirus stimulus check deposits, but many are warning that doing so is putting people at greater risk of falling victim to scams. With millions of Americans having already received their payouts, which are part of the $2 trillion CARES Act President Donald Trump signed last month, scammers are already out in full force, and providing them with even the smallest amount of information can give them the in they need.
"Your social media profiles are gold mines of information for cybercriminals. People need to be aware of the risks that come with sharing screenshots of their stimulus checks," Ed Bishop, chief technology officer at security firm Tessian, told Money. "With the knowledge that individuals have received their stimulus check, hackers could send people emails or SMS messages … impersonating the IRS and tricking people into clicking a malicious link by asking them to ‘confirm they have received their payment."
As the outlet points out, in recent days, people have been taking to various social media platforms with images of their bank accounts, transaction histories, and Get My Payment messages to support their claims that they have either received or not yet received their payouts. While a simple screenshot of your recent transactions may not seem like a big deal, scammers can easily utilize your spending habits to craft a perfect phishing email by impersonating those brands you’ve recently spent money at and therefore lowering your defenses.0comments
The same can be said for the Get My Payment tool, which allows users to track their payouts and also requires the input of personal information. Although a screenshot may only show the last four digits of your checking account number, and the image may only be shared with close friends, those close friends can reshare the image, subjecting it to potential fraudsters. According to Chris Hinkley, the head of the threat resistance unit at Armor, with just a few quick searches and datat gathered from previous breaches, scammers can reset your bank password and then have access to your money.
Brian Bartholomew, Kaspersky principal security researcher, encourages everyone to assume that anything you share will be online, and therefore exploitable, forever. Bartholomew says that although some screenshots and the details included in them "may seem harmless now," the information could be "used along with other bits of data to conduct an attack against a target."