How scammers and fraudsters are using the COVID-19 pandemic to exploit the public
How scammers and fraudsters are using the COVID-19 pandemic to exploit the public – and how you can fight back
Much like with previous national disasters, malicious actors are now taking advantage of the COVID-19 virus and the public’s vulnerability to launch a wave of attacks to acquire valuable personal information such as Social Security numbers, account or credit card numbers, login IDs and passwords.
The most common methods of obtaining this information are through fraudulent phone calls, text messages, or “phishing” emails. In general, these scam artists seek to exploit the public where they are the most vulnerable during uncertain times: through their wallets and thirst for knowledge.
The scams focus on financial relief, updated COVID-19 news, or information coming from the Centers for Disease Control (CDC) or World Health Organization (WHO). Additionally, a new, increasingly prevalent nefarious attack relates to the recently passed economic stimulus package. Scammers contact citizens pretending to be a government department that can expedite their stimulus payment. Then, fraudsters ask for the individual’s bank account information to direct deposit their expedited stimulus payment.
With so many attacks related to the COVID-19 pandemic, please ask yourself one question:
“How do I identify and combat these fraudulent attempts to obtain personal information?”
Your answer starts with these steps:
1. Be cautious and skeptical:
A healthy degree of caution and skepticism are your primary defense in identifying any potential fraudulent attempt to acquire information.
When receiving offers of information, supplies, treatment techniques, financial relief, or charity donations review the requests in detail. Does the offer make sense? Most entities will not contact you to acquire personal information. Research the emails you receive and review the email address of the person or organization sending you the email. If an email contains a link, review the link by hovering over the link to identify the URL you will access.
Also, if you receive an email and doubt its validity, a good practice is to look up the telephone number of the company and verify the number to the number included in the email as scammers will typically not include a phone number attached to the company they are portraying.
2. Do your research!
Most phishing, phone call, or text message scams can be quickly debunked by researching the company, agency, organization, etc. contacting you. If it is a phone call or text message, you can identify if the phone number contacting you is associated with the group that is contacting you.
Check websites and email addresses offering the information, financial relief, or products related to COVID-19. Scammers typically will use URL addresses that differentiate from the entities they are impersonating.
3. Increase/enhance your security controls for phishing attempts:
- Protect your computer by using security software and make sure it updates properly to combat new and evolving threats.
- Protect your mobile phone by setting software updates to automatically update.
- Protect high risk accounts by utilizing multi-factor authentication tools that require you to acknowledge your login by sending a code or acknowledgement message to your mobile device.
As we work through this unprecedented situation, we must continue to be on guard against opportunistic parties looking to capitalize on our vulnerabilities. The best ways to combat these potential scammers is to be cautious and skeptical, do your research, and enhance your security controls frequently.
For additional information contact the author jjohns@fosaudit.com.
How scammers and fraudsters are using the COVID-19 pandemic to exploit the public | Jeffrey J. Johns