March 24, 2020
by Christina Belfiglio
Office Operations and Management
Scammers wasted no time in exploiting the Covid-19 virus for their benefit. They have created scams seeming to come from the CDC and from employers; and they hid viruses in what appear to be links to official Covid-19 data.
SCAMS to watch out for:
- Covid-19 Home Tests – you cannot purchase test kits to use from home. Any sites, calls, or door-to-door sales that claim this is a scam. Don’t be fooled if they say they are from the Red Cross, it’s a scam.
- Phishing Emails or texts are messages containing attachments or links which, once launched download malicious software (malware). The malware could allow cybercriminals to take control of your device, record keystrokes, and/or access your personal information. Go to the source itself instead of clicking links in emails or on social media. Known scams include messages claiming to be from:
- The World Health Organization (WHO) or from Dr. Tedros Adhanom Ghebreyesus, Director-General of WHO. The actual link to WHO is https://www.who.int/
- The U.S. Centers for Disease Control (CDC). The actual link to the CDC is: https://www.cdc.gov/
- Employers – Emails may appear to come from an employer and contain a link to a policy.
- Messages threatening to infect you or your family with the Coronavirus. These messages may reveal a password you once used which was found in a data dump from a recent breach. The message may demand funds in the form of bitcoin or gift cards.
- Financial Relief – This email campaign promises to send a check, possibly as part of the government stimulus package. They request your personal and bank account information as well as your social security number. The government already has some, if not all, of this information. The government will not email you regarding a stimulus check.
- Fake Charities – with any disaster or major health event scammers use those instances to take advantage of your generosity. Research the charity and go directly to the organization’s website instead of donating via links. Requests for donations via cash, gift card, or wiring money are scams. It’s best to pay by credit card so you can dispute the charge if you find out it is not legitimate. For more tips on donating responsibly and research charities review information on the Federal Trade Commission website: https://www.consumer.ftc.gov/features/how-donate-wisely-and-avoid-charity-scams#researchhttps://www.consumer.ftc.gov/features/how-donate-wisely-and-avoid-charity-scams
- Robocalls – recorded calls that may range from virus treatments to work-at-home schemes. Do not push any buttons as this may lead to more robocalls. Hang up and if possible, block the number from your phone.
Tips for recognizing and avoiding phishing emails
Here are some ways to recognize and avoid coronavirus-themed phishing emails.
Like other types of phishing emails, the email messages usually try to lure you into clicking on a link or providing personal information that can be used to commit fraud or identity theft. Here’s some tips to avoid getting tricked.
- Beware of online requests for personal information. A coronavirus-themed email that seeks personal information like your Social Security number or login information is a phishing scam. Legitimate government agencies won’t ask for that information. Never respond to the email with your personal data.
- Check the email address or link. You can inspect a link by hovering your mouse button over the URL to see where it leads. Sometimes, it’s obvious the web address is not legitimate. But keep in mind phishers can create links that closely resemble legitimate addresses. Delete the email.
- Watch for spelling and grammatical mistakes. If an email includes spelling, punctuation, and grammar errors, it’s likely a sign you’ve received a phishing email. Delete it.
- Look for generic greetings. Phishing emails are unlikely to use your name. Greetings like “Dear sir or madam” signal an email is not legitimate.
- Avoid emails that insist you act now. Phishing emails often try to create a sense of urgency or demand immediate action. The goal is to get you to click on a link and provide personal information — right now. Instead, delete the message.
Tips for Staying Protected
- Report suspected scam to the Federal Trade Commission at ftc.gov/complaint.
- Update the software, virus and malware protection on all of your devices.
- Always Question the source and validity of the information you receive. Go directly to the source instead of clicking links or opening attachments.
- Check with your IT department at work to verify if a message is a scam or legitimate. If you receive something that appears to come from someone in your company send them a separate message or call them to verify the validity.