CORONAVIRUS SCAMS TO WATCH FOR

3/26/2020 Cayla Hittmeier

While most of the population are working together and helping one another during this global pandemic, some portions of the population have been using their power to wreak havoc. During the COVID-19 health crisis, scams revolving around the fear of the virus, have been increasing with each passing minute. At LLCU, we want you to be armed with information and measures to protect your online identity and personal financial information.


TYPES OF SCAMS CIRCULATING:

Robocall Scams: Robocalls are on the rise with this crisis. Scammers are calling to offer to sell you fake cures, vaccines, fake test kits, and advice on unproven treatments for COVID-19. No legitimate medical professionals or organizations will call an individual with this offer. Treatments will only be facilitated through a medical facility. In addition, some calls target business owners stating, “small business who may be affected by the Coronavirus need to ensure your Google listing is correctly displaying. Otherwise customers may not find you online during this time.” Additionally, some are offering ways to apply for grants and financial loans during this economic downturn. Here’s how to avoid this type of scam:

  • Hang up on robocalls. Ignore offers.
  • Don’t press any numbers.
  • Report to your local law enforcement non-emergency hotline.
  • Fact-check information received at a reputable website, like the FDA or CDC.
  • Realize, at this time, there are no FDA-authorized home test kits for the Coronavirus.

Supply scams:  Scammers are creating fake shops, websites, social media accounts, and email addresses claiming to sell medical supplies currently in high demand, such as surgical masks, gloves, etc. When consumers attempt to purchase supplies through these channels, fraudsters pocket the money and never provide the promised supplies, with little to no trace of evidence to track them down. Here’s how to avoid this type of scam:

  • DO NOT click the links sent in the email offer
  • Type in a URLs (web address) of a supplier you know to be genuine
  • Be aware that scammers often employ addresses that differ only slightly from those belonging to the entities they are impersonating. For example, they might use “cdc.com” or “cdc.org” instead of “cdc.gov.” 
  • Before taking a chance on a new or unfamiliar supplier, check them out with trusted industry colleagues
  • Check online reviews of any company offering COVID-19 products or supplies.  Avoid companies whose customers have complained about not receiving items.

Provider scams: Scammers are also contacting people by phone and email, pretending to be doctors and hospitals that have treated a friend or relative for COVID-19, and demanding payment for that treatment. Here’s how to avoid this scam:

  • Hang up on the call. Contact the loved one they refer to, if by name or relationship.
  • Do not give any personal information to the caller.
  • Report to your local law enforcement non-emergency hotline.

Charity scams: Scammers are soliciting donations, via telephone and email, for individuals, groups, agencies, counties, cities and other areas affected by COVID-19. Here’s how to avoid this type of scam:

  • Hang up on the call or delete the email.
  • Do not press any numbers on the phone or give any personal information
  • Do not click any links in an email.
  • Fact-check information received by googling the organization cited as the recipient.
  • Do not let anyone rush you to donate.
  • Do not make donations of cash, gift card, or by wiring money.
  • After you’ve researched and if you decide to donate, only donate through a secured site
  • Report fraud to your local law enforcement non-emergency hotline.
  • For online resources on donating wisely, visit the Federal Trade Commission (FTC) website. 

Phishing scams: Scammers posing as national and global health authorities, including the World Health Organization (WHO) and the Centers for Disease Control and Prevention (CDC), are sending phishing emails and texts designed to trick recipients into downloading malware or providing personal identifying and financial information. Here’s how to avoid this type of scam:

  • Don’t click the links sent in the email offer
  • Type in a URLs (web address) of a supplier you know to be genuine
  • Be aware that scammers often employ addresses that differ only slightly from those belonging to the entities they are impersonating. For example, they might use “cdc.com” or “cdc.org” instead of “cdc.gov.” 

App scams: Scammers are also creating and manipulating mobile apps designed to track the spread of COVID-19 to insert malware that will compromise users’ devices and personal information. 

  • Do not download any apps sent to you via text or email or that you’ve seen in an online ad.
  • Use the CDC, WHO sites, or your local, reputable news stations, for COVID-19 updates

Government Check Scams: You’ve seen news stories about whether financial help for businesses might be available in the future. But remember that criminals read those headlines, too, and use them to make their phony pitches sound more credible. If someone calls or emails you out of the blue claiming there’s money available from a government agency if you just make an up-front payment or provide some personal information, it’s a phony.

  • Do not click any links or give any sensitive information
  • Work exclusively with a certified financial advisor to inquire about government assistance

Co-Worker Email Scams: In this case, an employee gets a message that appears to come from a co-worker within their company or organization, or from a member of the IT team, directing the person to wire money, transfer funds, send gift card codes, or allow access to computer for an upgrade or installation. Upon a closer look, you’ll see the email address of your co-worker is not the real address. This is not a new scam but given the environment of people working remotely from home, it is seeing a resurgence since co-workers are not near each other to verify. Here’s how to avoid this type of scam:

  • Remind your staff not to respond to messages like this
  • DO NOT download anything or click on links in unsolicited email
  • Report the email to your IT department

 

Data Scams: With more people telecommuting, hackers are hoping that companies and employees will slip up and allow sensitive information to be more easily accessible. Here’s how to avoid these types of scams:

  • Keep your security software up to date.
  • Use strong and unique passwords on all your devices and apps.
  • Secure your home network. Turn on encryption (WPA2 or WPA3). Encryption scrambles information sent over your network so outsiders can’t read it.
  • Never leave your device unattended. When not using, keep it locked and password-protected.
  • Dispose of sensitive data securely. Shred papers with sensitive, proprietary information on it.
  • Avoid using public Wi-Fi networks whenever possible, and if you must use a public connection, select the most secure option, such as a Virtual Private Network (VPN).
  • Follow your employer’s security practices. Your home is now an extension of your office. So, follow the protocols that your employer has implemented.

WHO IS MOST SUSCEPTIBLE TO CORONAVIRUS SCAMS?

Unfortunately, the mature demographic (60+) and those found to be most vulnerable to the COVID-19 disease are most susceptible to these types of scams. However, in this environment of fear and uncertainty, we are ALL vulnerable and susceptible to these types of scams.

Additionally, aside from feeding off the fear, hackers also use to their advantage, the fact that often the older population is less experienced with technology, many having only adopted technology practices in recent years. Therefore, it may be less obvious to this age group that an email address is fraudulent because they are designed to appear legitimate at first glance.


I’VE ALREADY CLICKED A LINK, GIVEN PERSONAL INFORMATION AND/OR SENT MONEY TO A SCAMMER. WHAT SHOULD I DO?

Sometimes we all fall victim. During a stressful time as such, it’s easy to lower your guard and allow the “hacker” inside quite unknowingly. If you realize this has happened to you, here are some steps to follow:

  • Change Passwords. If you’ve clicked the wrong link or provided personal information in response to a phishing scam, change your passwords immediately. This goes for email and all accounts, including bank accounts and PIN numbers. Create strong, unique passwords.
  • Notify Credit Agencies. Contact one of the three major credit bureaus (Experian, Equifax, TransUnion) as soon as possible and let them know your account was potentially compromised. Place a fraud alert on your account until the issue has been resolved.
  • Contact Credit Card Companies. Alert credit card companies and explain the situation. Your credit cards might not have been used yet, but if you feel unauthorized charges are in your future, it’s essential to freeze or cancel your cards.
  • Update Your Software. Regularly update software on all of your electronic devices. Upgrades regularly include new security features to keep your private information safe.
  • Report your scam. Report the fraudulent activity or scam to your local law enforcement agency through a non-emergency hotline.
  • Stay vigilant with all accounts. Regularly check all your bank and credit accounts for activity. Fraud-related scams that breach your privacy can have resounding affects for months, even years.

CLICK THE IMAGE BELOW TO HEAR MORE TIPS & ADVICE FROM LLCU Chief Information Officer:


*Sources for this article were www.ftc.gov; www.justice.gov; https://us.norton.com;