Four federal agencies issued a joint alert May 21 warning that cybercriminals and other adversaries are using coronavirus-related lures to scam taxpayers and attempt to disrupt operations of institutions responding to the ongoing pandemic.

The alert, sent out by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, the Internal Revenue Service, the Department of the Treasury, and the U.S. Secret Service, said the federal government “continues to encounter” attempts by cybercriminals to steal personal or banking information using coronavirus-related lures through email or text.

The joint alert warns that “at a minimum” criminals will use phishing emails or scam websites exploiting the CARES Act — a $2 trillion aid package that provided direct financial relief to taxpayers and businesses — to trick financial institutions and their customers into providing private information.

“Themes for these scams might include economic stimulus, personal checks, loan and grant programs, or other subjects relevant to the CARES Act,” the alert read. “These CARES Act-related cybercriminal attempts could support a wide range of follow-on activities that would be harmful to the rollout of the CARES Act.”

The CARES Act sent $1,200 nontaxable payments to millions of taxpayers and provided billions of dollars in loans to small businesses.

The four agencies also warned of adversaries and criminals attempting to disrupt the operations of organizations implementing parts of the CARES Act. To combat the threat, the agencies recommend that government agencies and financial institutions initiate a “comprehensive security review” of critical systems.

According to the alert, the federal government and international partners have increased sharing threat intelligence and best practices with industry in response to the virus-related threats. The Secret Service is investigating malicious actors and will try to recover funds that are stolen as a result of their activity, it said.

“These investigations will include actions over the near term, but also in the coming months and years to hold criminals accountable and recover assets,” the alert read.

CISA, the federal agency under the DHS tasked with protecting critical infrastructure and federal networks from cyberattacks, has issued several alerts in recent weeks during the COVID-19 pandemic. In an April alert, CISA and the National Cyber Security Centre in the United Kingdom sent an alert warning of coronavirus-related phishing attempts.

In early May, CISA and the NCSC again issued a joint alert warning of “large-scale” malicious password-spraying campaigns targeting health care organizations and medical research groups.

Andrew Eversden covers all things defense technology for C4ISRNET. He previously reported on federal IT and cybersecurity for Federal Times and Fifth Domain, and worked as a congressional reporting fellow for the Texas Tribune. He was also a Washington intern for the Durango Herald. Andrew is a graduate of American University.

More In Cyber