As if the COVID-19 pandemic isn’t enough to deal with already, coronavirus security threats are erupting as nefarious individuals use this crisis to target organizations and individuals for their own financial gain. This article addresses some of the coronavirus scams out there today that threaten your security and how you may protect yourself.
Stimulus Payments and CARES Act Benefits Scams
Fraudsters stay on top of the headlines and prey upon desperate individuals or organizations. Here they may call or email you offering to speed up the receipt of your stimulus check or approval for small business administration (SBA) programs such as the Paycheck Protection Program or the Economic Injury Disaster Loan. Of course, they don’t offer this assistance for free, but need payment in advance under the guise of a filing fee for the assistance that never comes.
They may ask you to click on a link where they can steal sensitive information or install malware. Posing as a government agent, they may ask you for your banking information so as to direct deposit your stimulus check or loan payment. Never blindly click on links or give out sensitive information unless you are certain who you are giving it to.
Coronavirus Treatment or Test Scams
Preying upon the pandemic fears, fraudsters email you with malicious attachments to download. They may also send links to a bogus website offering personal protective equipment (PPE), ventilators, coronavirus test kits, antibody tests, or coronavirus vaccines. They happily take your supply order, wire transfer, or credit card information.
Due to the high demand and low inventory, of course, as part of the scam, you will need to pay in advance of your order delivery. These scams prey upon fear and urgency to entice you to act now without thinking. Their website may even be very similar to an authentic similarly named website in order to trick you into thinking they are a legitimate business. Note: there is no vaccine or cure for the coronavirus yet.
Fraudulent Charity Scams
Most people want to do what they can to help needy people out during these unprecedented times. Fraudsters create fake charities to take advantage of generous individuals with a desire to help. The scammer may call, email, text, or direct you to a fake website asking for a donation. The charity may even appear legitimate and claim to be aligned with the Center for Disease Control (CDC) or the World Health Organization (WHO). Never donate in a hasty manner. Confirm the charity is a reputable 501(c)(3) organization before handing over your hard-earned money.
Governmental Agency Text Message Scams
Fraudsters email or text you a link to take a coronavirus preparedness test, survey, or other activity as if sent from the Department of Health and Human Services (HHS), Center for Disease Control (CDC), or the World Health Organization (WHO). These links instead unleash ransomware or other malware that can take over your computer, steal sensitive information, or cause other damage.
Business Email Compromise Scams
Here the fraudster is taking advantage of employees teleworking from home. They send a message that appears to come from a legitimate senior member of management at the company by spoofing their email address to an employee and directing them to make an emergency payment by wire transfer. Alternatively, the email could appear to come from someone from the IT department asking the employee working from home to download software to protect their home computer or click a link to the Company’s new teleconferencing platform.
In either case, malware may be installed and sensitive information stolen. Your tech support team may be inundated with responsibilities and your staff may be caught off guard with their new teleworking routine during the current pandemic crisis. Never respond to a suspicious email, click on a link, or download software unless you are sure of its source.
Fraudsters use the coronavirus concerns to exploit an individual’s fears for financial gain. These robocall scams tout fake coronavirus test kits or sanitation supplies, for example. For businesses, they may pitch information on their Google listing to ensure it is accurately being displayed. Don’t respond to robocalls.
Protect Yourself From a Scam
Even in times of crisis, fraudsters never sleep and they capitalize on the fear and chaos that is reported in the headline news media surrounding the COVID-19 pandemic. There are several things that you can do to prevent yourself or your organization from being victimized. The Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) issues updates on tactics used by cybercriminals to exploit the COVID-19 pandemic. Additionally, the Federal Trade Commission (FTC) provides information on coronavirus scams and how to avoid them in order to protect consumers and businesses. See our post on maintaining optimal cybersecurity with remote staff working from home during the coronavirus outbreak. Other steps that you can take to protect yourself from a scam are noted below:
- The single best thing that you can do is to never click on a link or download an attachment that you are not sure from where it came.
- Never wire money or share banking instructions without verifying the legitimacy of the receiver.
- Keep an eye open for bogus emails and websites that appear to be authentic or aligned with the CDC or WHO.
- Research charities to validate they are a bonafide 501(c)(3) before donating to them.
- Be skeptical of anything coming from a governmental agency related to the coronavirus pandemic, economic impact payments, or disaster relief.
- Always use a secured internet connection, a strong complex password, and multi-factor authentication when possible.
- Hang up on robocalls or better yet, don’t bother answering the call.
Fraudsters are using the coronavirus pandemic crisis as a lure to trick individuals into clicking a link, sharing their credentials, or downloading an attachment seeking to do harm. During these unprecedented times, individuals and organizations must be vigilant to coronavirus security threats that can wreak havoc on their bank accounts and networks.
Becky McCarty (CPA, CISA, CRISC, CIA, CFE) specializes in SOC 1 and SOC 2 examinations for Linford & Co., LLP. She completed her Master’s degree in Information Systems in 1996, started working with KPMG in 1999, and joined Linford & Co., LLP in 2018. She works closely with clients so that the examinations are performed efficiently and with minimal disruption while ensuring performance in accordance with professional guidance. She enjoys helping clients successfully achieve the requirements for their SOC audit reports based on their applicable trust services criteria.