The IRS assembled a list of red flags regarding COVID-19 related programs like the Economic Impact Payments (EIP) and the CARES Act. The current list is available below.

Economic Impact Payments (EIP) based questionable/fraudulent or red flag activities:

Multiple direct deposits of EIP into the same account, particularly when the amounts of the checks are the same or approximately the same (e.g., $1,200 or $2,400)

Deposits of multiple paper checks into the same bank account, particularly when the amounts of the checks are the same or approximately the same (e.g., $1,200 or $2,400)

Cashing of multiple emergency assistance checks by the same individual

Deposits of one or more emergency assistance checks, when the accountholder is a business and the payee/endorser is an individual other than the accountholder

Opening of a new account with an emergency assistance check, where the name of the potential accountholder is different from that of the depositor of the check

Individual accounts opened within the last 60 days receiving multiple US Treasury checks or direct deposits from the US Treasury

Rapid transfers of funds that consolidate deposits -or- large subsequent counter withdrawals in cash -or- serial ATM withdrawals for the maximum allowable amount -or- large amounts of funds withdrawn in the form of cash back at retail establishments using prepaid debit cards from individual accounts receiving COVID-19 assistance

Other tax relief under the CARES Act questionable/fraudulent or red flag activities:

Opening of a new business account to receive a direct deposit of assistance funds or apply for a loan

The business does not appear to have a lengthy history (e.g., established within the last few months), a physical presence or address, or an Employer Identification Number

The business displays some discrepancies with the address, or it is located in a high-risk jurisdiction or an area that is not usually associated with the merchandise they are selling

The business has an unclear business model and it is difficult to determine the true nature of the company and its operations.

The business is receiving payroll protection relief without history of payroll activity

The business receives a payment/credit from Treasury in addition to a loan from SBA – businesses can be eligible for only one

Deposit to the business is solely from CARES act assistance

Additional red flags to look out for:

Customers could be victims of account takeover after their identity is stolen

Customer provides a document that appears to be a check from the U.S. Treasury, often in an amount less than the expected EIP, with instructions to contact the fraudulent government agency, via a phone number or online, to verify personal information in order to receive the entire benefit

The customer’s personal bank account starts to receive transactions that do not fit his or her history of typical transactions, including overseas transactions, When asked about the changes in transactions, the customer declines requests for “know your customer” documents or inquiries regarding sources of funds, and may mention COVID-19, relief work, or a “work-from-home” opportunity

The customer purchases large amounts of convertible virtual currency (CVC) or engages in fiat currency transactions

The customer opens accounts in his or her name at multiple banks so he or she may receive money from various individuals/businesses and then move the money to other accounts, as specified by the customer’s fraudulent “employer”