Scam artists everywhere are capitalizing on businesses looking to be involved in the CARES Act. During the COVID-19 pandemic, the CARES Act,  is being used as a lure in phishing attempts or in malicious domains against both banking customers and financial institutions. Themes include economic stimulus, personal checks, loan and grant programs, and other subjects relevant to the CARES act. It is expected that criminal activities (e.g. personally identifiable information, credential theft, wire fraud, etc.) be the most common cyber threats during the CARES Act roll out. The U.S. Secret Service has already reported criminals using stimulus-themed emails and text messages to trick individuals into providing personally identifiable information.

To help minimize your risk, common best practices for personal cyber security include:

• Avoid clicking on links in unsolicited emails and be wary of email attachments.
• If you are unsure whether an email request is legitimate, try to verify it by contacting the company or person directly. Do not use contact information provided in the email or on a website connected to the request; instead, check previous statements or contact information.
• Use trusted sources – such as legitimate, government websites – for up-to-date, fact-based information about CARES Act and COVID-19.
• Do not reveal personal or financial information in email, and do not respond to email solicitations for this information.
• Create strong passwords for all accounts you log into and if available implement multi-factor authentication.
• Configure Alert Management for all your financial accounts including online banking, retirement accounts, debit/credit cards to manage transactions and balance alerts especially for large purchases or money transfers.
• Make sure all contact information is up-to-date with UCB.