What can you do to mitigate the risk that you or your clients will fall prey to one of the coronavirus scams? Education is the best defense against information security threats. The attacks from thieves and scammers are becoming more aggressive and sophisticated. By keeping abreast of the latest scams, you’ll be well prepared to avoid them.
Phishing attacks are on the rise. They’re designed to take advantage of current events, such as health scares or economic concerns, so you and your clients should be especially vigilant about this scam right now. Fraudsters use phishing to gain access to personal information, such as bank account numbers, credit card information, usernames and passwords, and social security numbers. The fake emails or text messages appear to be sent from a known sender or trusted organization. If you aren’t careful, it’s far too easy to click on a malicious link or open an attachment that plants malware on your device.
Here are some red flags to watch out for:
Fake emails that look legitimate. One of the most deceptive coronavirus-related scams has been fake emails that look like they’re from the World Health Organization (WHO) or Centers for Disease Control and Prevention (CDC). At first glance, these emails look legitimate (see example below). Some even include “safety measures” and feature the WHO or CDC logo.
The CDC and WHO would never ask for your login credentials. To get the facts on coronavirus safety measures from these organizations, go directly to the CDC or WHO website.
Text or phone messages about coronavirus tests. Another scam making the rounds is a text or phone message claiming the recipient has come into contact with someone who has tested positive for or shown symptoms of COVID-19. If you receive a text message like the one below, delete it and block the number. Do not click the link. Doing so is likely to provide the scammer with a gateway to your personal information.
In fact, best practice is to never click on a link from an unknown source or from someone you weren’t expecting an email or text from—as scammers generally use these links to download malware onto your devices.
Scammers’ major goal is to trick victims into providing their personal information, which can be used to commit fraud. In times of uncertainty like these, many people may feel vulnerable and not have their guard up. Thieves are ready to exploit these emotions, trying to blur the line between fact and fraud. Be on the alert for:
Phony phone calls. You or your clients may receive a call claiming to be from the IRS or another government agency. The caller might ask for bank account information or a social security number so that a stimulus check can be deposited. Tell your clients that, if this happens, they should hang up immediately. The IRS will not contact anyone by phone, email, text message, or social media regarding stimulus payments. For information on coronavirus tax relief, everyone should go straight to the IRS website.
Charity scams. It’s natural to want to help others in times of crisis. Unfortunately, scammers have figured out ways to exploit this generosity. Using names similar to those of real charities, scammers will often try to rush you into making a donation—preferably using methods that are difficult to trace (e.g., cash, wire transfer, or gift card). To ensure that your money is going exactly where you want it to go, do your research! Also, keep in mind that the safest options for making donations are credit card and check. Review the Federal Trade Commission’s page on charity scams for more information.
It’s true that the number of scams hitting the headlines seems to multiply by the day. But here’s some good news: there are some common information security best practices to employ that will help you mitigate the risks, no matter the situation:
When it comes to the latest coronavirus scams, being aware of the warning signs is half the battle. By knowing what to look for—and what to do if you suspect you’ve fallen victim—you and your clients will be well positioned to protect the security of your information.
Have you noticed an uptick in phishing scams? What were the red flags that tipped you off to a fraudulent message? Please share your insights in the comments box!