If you haven't already, it's time to build trust relationships with your financial institutions, using strong security, privacy protections and secure, unique user credentials.

Tom Pendergast, Chief Learning Officer at MediaPRO

March 5, 2021

6 Min Read

When Congress passed a $900 billion economic relief package in December 2020, it wasn't just unemployed Americans and those with low to moderate incomes who were happy: Scammers rejoiced as well. Just like back in May 2020, these vultures see a river of money flowing from the federal government to regular Americans and they are eager to grab some of it for themselves.

And the economic relief and associated scamming aren't over yet: President Biden's relief plan promises more stimulus soon, and California just passed its own relief package, with $600 for low-income residents. Luckily, there are some ways to ensure that the government money goes into the right hands. 

If scams related to stimulus checks and unemployment payments give you a strong sense of déjà vu, you're not alone. After all, we've been here before, back in May when the first coronavirus relief package was passed and there was massive fraud aimed at state government agencies charged with distributing the unemployment relief. In fact, the Office of the Inspector General of the Department of Labor estimated that fraud claimed $36 billion of the $360 billion available in the CARES Act. 

I had a pretty strong sense of déjà vu myself, since I was the victim of such a scam in my home state of Washington. But on Jan. 11 — some seven months after I filed my initial fraud report — I got an official verification that my Social Security number was mine (really!) and is now officially connected to my account at the Employment Security Department. Now that I have established claim to my ESD account, nobody can present a fraud claim on my behalf.

That doesn't mean there aren't other ways from criminals to profit off my data, because in late January, the Washington State Auditor revealed that the personal data of 1.4 million state residents may have been stolen in a hack of third-party software provider Accellion. I'll add this to the long list of data breaches my data has been involved in!

This Problem Is Mostly Solved by Trust
But I don't despair all that much about this stuff, because there are things you and I can do to keep ourselves safe. Claiming your account — whether it's at your state employment services agency or with the IRS or with any other entity that you do business with, really — allows you to establish a channel for trusted interactions. For example, because I have a trust relationship with the Department of the Treasury, any government stimulus check or tax refund can be deposited directly in my bank account — and I don't have risk a check being lost or stolen, or receiving one of the new, more secure debit cards that are also used to make payments to people who don't have direct deposit. These trust relationships are built off strong security and privacy protections on part of the agency and the use of secure, unique credentials on the part of the user, but they work far better than the other means. Of course, they still need to protect the data I trust them with.

For people who are receiving the stimulus payment via debit card, the US Treasury is doing its best to ensure that the process of getting paid is clear and secure, including showing recipients exactly what they should look for in the mail, including what the cards look like

For all this effort, it's easy to imagine that a scammer could emulate this mailing and ask a user to phone into a call center and provide some essential information — perhaps even a bank account — and run a scam that way. Both Forbes and CNBC have provided good guides for using these cards safely and without fees. 

Whether you're waiting for this stimulus check or the next, bigger one promised by the Biden administration, or seeking to avoid any entanglement in an unemployment scheme, there are some tried and true methods for ensuring that your interactions with government agencies of all sorts are handled securely and privately.

Protect Your Credentials
Protecting credentials — usernames and especially passwords — is one of the best and most basic things you can do to stay safe from hackers. Using unique passwords everywhere is easy when you use a password manager, and adding multifactor authentication adds another level of protection. 

Own Your Accounts
Establishing a secure account with state and federal agencies is the best way to take advantage of the security protections they provide, and this protection generally outweighs whatever risk you have of this agency being breached, though that risk does exist. I'd suggest that people establish an account with their state employment agency (or broader state government) now, and also verify that you have accounts at the major federal agencies you deal with — which will likely include the Social Security Administration and the IRS at a minimum.

While I understand that some people may not believe that they can enter into a trust relationship with the government, I'd suggest that it's better that you control the terms of that relationship than to allow that relationship to be established by someone else. 

Take Quick Action
The moment you suspect fraud, act as quickly as you can to report it.

Many major government agencies and financial institutions have dedicated fraud hotlines or online services, and they may also suggest that you make a report to your local law enforcement agency. If you take quick action, you might be able to avoid the nightmare of full-blown identity theft.

Protect Your Credit
Freezing your credit at all three credit agencies is a simple (and free) act that can prevent anyone with access to your personal information from opening up an account in your name. You'll need to learn a few tricks to unfreeze your account when needed, but it's well worth your time.

Apply Healthy Skepticism
Even if you do all of the above, you can still fall prey to a scam if you allow people to convince to give away information or credentials you shouldn't. That's why you've got to be skeptical of any phone calls, emails, or letters that ask you to divulge financial information or passwords. Your healthy skepticism is your best defense.

About the Author(s)

Tom Pendergast

Chief Learning Officer at MediaPRO

Tom Pendergast is MediaPRO's Chief Learning Officer. He believes that every person cares about protecting data, they just don't know it yet. That's why he's constantly trying to devise new and easy ways to help awareness program managers educate their employees. Whether it's creating year-round programs to ensure employee commitment to cybersecurity and privacy best practices or working with teams of people to build and customize award-winning content, Tom is committed to getting employees, students, and even his mother to do the right thing when it comes to protecting data.

Tom holds a Ph.D. in American studies from Purdue University and has spent a career making complicated things simple, first as the founder of Full Circle Editorial, then in learning solutions with MediaPRO. For fun, he likes to scramble and trail run in the nearby mountains.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights