Eager to get your stimulus check? You aren’t the only one, apparently.
According to Bolster, an online security firm, there has been a dramatic spike in the number of websites trying to steal data or provide misinformation to consumers. Bolster reports more than 150,000 suspicious stimulus check related domains.
This comes amid a broader backdrop of heightened worry about coronavirus-related scams. Overall, Bolster says the number of phishing sites has spiked 235% during the COVID-19 pandemic, and is updating the number via its tracker. “The broader COVID-19 scam and suspicious domain explosion is the largest topic-oriented phishing spike that we’ve ever seen,” says Abhishek Dubey, CEO of Bolster, who previously ran machine learning and security research teams at Cisco, and whose company now counts Uber and DropBox as clients, according to their website.
Here’s how the stimulus scam generally works. Fraudsters create a copy of the IRS’s official “Get My Payment” site. When a user goes to Google to search for the real stimulus check tracker, then might instead be lured to a fake site. If they input their information, “scammers can then use the newly acquired credentials to try to beat the victim to their stimulus check,” says Bolster. Then they can input another bank account to received the money, or just use your personal information for identity theft.
Below, Bolster’s CEO recommends a few steps to protect yourself:
- Notice SSL certificates (the lock in the address bar), check the URL, and be cognizant of what you clicked to get to that page. If the site doesn’t have an SSL certificate (the lock in the address bar of your web browser), then you can’t be sure your information is going to where the address bar says it’s going to.
- Check the URL to make sure that the domain is legitimate. If the URL doesn’t end in ‘irs.gov’ before the URL path (all the characters after the first slash), then it is a fake site. Scammers might try to make the URL look real by starting it with a familiar phrase like irs.gov.scam.site.com, but that would be a counterfeit site.
- Finally, don’t forget how you got to a page. If the link was sent to you via text or email, then there’s a higher chance it is fake. Find the real IRS.gov website and navigate to the ‘Get My Payment’ app, using IRS site navigation. This way you can be sure that your information is going to the IRS and not to a scammer.
According to a release on the IRS website, the “IRS Criminal Investigation is actively working to combat scam artists trying to exploit Economic Impact Payments and other provisions related to coronavirus. So far, the scams CI has already seen look to prey on vulnerable taxpayers who are unaware of how the payments will reach them. IRS CI is prioritizing these types of investigations to help protect taxpayers and the tax system.”
In addition, the “IRS will not call, email or text anyone about Economic Impact Payments. These are impersonation scams by thieves seeking to steal bank account or other sensitive data.” The agency asks that all suspicious emails be reported to email@example.com.
The IRS also noted that it had upgraded its Get My Payment portal over the weekend, so anyone who had previously received a “status not available” message should check back again. The agency added that data is added once a week, overnight, so there is no need to check more frequently than that.
Our mission to help you navigate the new normal is fueled by subscribers. To enjoy unlimited access to our journalism, subscribe today.
More must-read finance coverage from Fortune:
—Why Goldman Sachs thinks Q1 GDP will be “worse than it looks”
—5 lessons for the coronavirus recovery, from an expert on success and failure in crisis
—What the law says about forcing employees back to the office
—This time, the banks were ready: How the Big Four prepared to survive the coronavirus
—Where investors can find income in a coronavirus-crushed market
—Listen to Leadership Next, a Fortune podcast examining the evolving role of CEO
—WATCH: Why the banks were ready for the financial impact of coronavirus
Subscribe to Fortune’s Bull Sheet for no-nonsense finance news and analysis daily.