Beware of COVID-19 stimulus check scams and phishing attacks

The Federal Government is on track to pass a $2 trillion stimulus bill—the largest in U.S. history—that will send checks to American households to help counter the economic effects of the COVID-19 Coronavirus.

The Better Business Bureau and the Federal Trade Commission warned consumers that scammers may try to defraud Americans by claiming they need to pay money as a condition of receiving government relief. Cases are being reported of email phishing attacks as well as messages received via text or social media. 

The government will not be communicating directly to you with personal information via a text message or social media. Closely examine any messages you receive in case they are a scam, and ignore or report them if you determine them to be fraudulent. There are three key signs of fraud to look for:

  • The federal government won’t ask you to pay anything upfront—such as fees and charges—to get this money. Anyone who says otherwise is a scammer.
  • The government will not call to ask for your Social Security number, bank account, or credit card number. Anyone who does is a scammer.
  • The checks will soon be distributed but aren’t yet a reality. Anyone who tells you they can get you the money now is a scammer.

Related News

We are tracking a number of reports about these kinds of scams (March 26, 2020). 

Additional security when logging in with your NetID

This change most visibly affects single sign-on, but any application that authenticates directly to will also be affected (and could also be a source of lockouts due to failed password attempts).

Key Points

  • Beginning April 27, 2015, more than 10 failed attempts to log in using your NetID (within a 30 minute period) will now place your account into a locked state.
  • The lockout is temporary. The account will automatically unlock itself 30 minutes after it was locked (whereupon, if it is still under attack, it can be locked again).
  • While your account is locked, you will not be able to log in using your NetID.
  • You can unlock your account yourself immediately by resetting your password or contacting IT Services for assistance.

Why would my account be locked?

More than 10 failed log-in attempts (due to incorrect password) within a 30 minute period will cause your account to be locked. More than 10 failed attempts in a short period of time is not normal behavior for an account owner but likely a result of someone trying to guess another person's password.

These attacks are normally automated to try the most commonly used passwords along with multiple variations (changing letters into numbers, etc.) as quickly as possible. By locking your account during such an attack, the attacker cannot log in using your NetID even if they guess your current password.

How do I know if my account is locked?

If you are logging in to one of our single sign-on (SSO)–enabled services (Google Apps, Blackboard, etc.)—and you have a locked account—you will be prevented from logging in with your NetID and see the following message.

What should I do if my account is locked?

Locked accounts will automatically unlock themselves after 30 minutes (but can be re-locked if still under attack).

You can immediately unlock your account by resetting your password. We recommend that you contact IT Services to report a locked account—even if you have unlocked it yourself—especially if you feel that your account may be compromised. 

How do I protect my account?

Once someone decides to attack your account, there is little you can do to avoid the locked status. Locking your account is a safety measure to make it impossible for the attacker to continue to try and successfully log in to campus services using your NetID. However, prior to being attacked, the best possible ways you can protect your account from being compromised due to an attack of this nature include