Cyber Resilience in the age of Targeted Attacks

Security Brief: Proofpoint CSO: How to Safely Obtain Your IRS Stimulus Payment

Share with your network!

In response to COVID-19, the U.S. federal government is issuing economic stimulus checks of up to $1,200 per individual. Unfortunately, criminals are actively exploiting the situation to steal stimulus funds, capture people’s personal information, or spread misinformation. These individuals use a wide variety of methods to steal payments—including text messages, social media, email, phone calls, and fake web pages.

Here’s what you, your family, and your friends can do to stay safe from stimulus payment scammers:

  1. Refer only to official IRS sources for information about stimulus checks. The IRS is administering the stimulus payments and has set up a web page with frequently asked questions, eligibility information, and more. Visit the IRS web page for the coronavirus stimulus payments by going to, then click on “Get Info on Economic Impact Payments.


  1. Ignore all solicitations from any source, especially those encouraging you to provide your personal information to obtain your funds, or to obtain them faster. The IRS commissioner has stated, “The IRS isn't going to call asking you to verify or provide your financial information so you can get an economic impact payment or your refund faster.” If you provide your information to any other source than the authorised web page, that information could be used to steal your identity—or to steal your stimulus funds.


  1. Take no action, unless you’re in the small group of people who need to provide information to the IRS. Stimulus payments will automatically be issued to the vast majority of Americans, including all eligible people who filed taxes for the 2018 or 2019 tax years, recipients of Social Security, Social Security Disability Insurance, and Railroad Retirement recipients. (Note that if you filed your 2018 or 2019 taxes but didn’t give the IRS your bank account information, you will need to provide it to the IRS if you want to receive direct deposit instead of a check.)


  1. If you do need to provide information to the IRS to receive your stimulus payment, be aware that the IRS is using an authorised non-government website to collect your information. This can be confusing, because the “Free File” website that you’re required to use has a different look and feel than the IRS website. To be sure you’re using the legitimate website, access it by going to the IRS webpage mentioned above and click “Non-Filers: Enter Payment Information Here.”


  1. Share these safeguards with family members or others who might need it, especially retirees. The Internal Revenue Service says that retirees and seniors are often specifically targeted, so they should be especially careful during this period. The IRS website states, “The IRS is sending these $1,200 payments automatically to retirees – no additional action or information is needed on their part to receive this.”


Please note that people who did file their income taxes in 2018 or 2019 will be able to use a new IRS website (which is not yet available but will be later in April) to check on their payment status or provide direct deposit information for their stimulus payment. For more information, revisit the IRS web page later this month, review our previous post on COVID-19 fraud prevention, and watch for the latest from our Proofpoint Threat Insight research team.