6 Types of COVID-19 Scams to Watch Out For
This blog post was originally published on the FICO Blog on July 20, 2020.
COVID-19 scams are on the rise. In a recent webinar I hosted, we learned that 31% of participants had received a communication that looks like a COVID-19 scam in the past 30 days.
While we've seen it take some unexpected turns, like the surge of pet adoption scams, where criminals prey on the desire to adopt a furry friend while under quarantine, there are other kinds of fraud that we have come to know and expect from criminals.
At FICO, part of our core mission is to keep people safe from fraud. That's why I've been sharing resources to keep you safe. Here are common types of fraud to watch out for:
With phishing, bad actors use malicious emails that are disguised as legitimate to trick people into providing sensitive information or taking potentially dangerous action. This could take the form of an email that appears to be from a well-known company, like your bank, and may ask you to open an attachment with malicious software or call a fake customer service number. There is also spearphishing where fraudsters perform a very targeted attack on a researched person or organization. For example, you may receive an email that appears to be from a family member requesting that you transfer money right away.
Vishing is like phishing, but over the phone. Criminals take the same strategy and deploy it via phone calls. These attacks have become more sophisticated over the years. In one recent example, a criminal impersonated the leader of a UK-based energy firm using voice-generating AI software to convince a chief executive to wire $243K.
Smishing is similar to phishing, but is executed through text messages. Earlier this year, many received a text message they thought was from FedEx, but instead came from bad actors directing recipients to enter credit card information, which lead to being billed $98.95 every month.
Pretexting entails someone contacting you and lying about who they are to trick you into giving them something they want. Beware of people claiming to be part of reputable organizations, like research firms or government agencies, asking you for personal information like bank card numbers or your Social Security number.
5. Fake Profiles
There are fake profiles being set up on social media, often with connections you recognize, that will contact you and attempt to trick you into taking an action that benefits them. After making it appear that they know you, a fraudster may message you asking for money or personal information on social media. This can also take shape as a romance scam, where the criminal creates an enticing fake profile and builds a relationship with their unsuspecting victim.
6. Quid Pro Quo
Quid pro quo scams offer a benefit to the victim in exchange for information. In one example of this attack, criminals impersonate the U.S. Social Security Administration and ask for confirmation of a person's Social Security number to "ensure records are accurate due to computer problems." But the story a scam artist weaves can be a lot less complex. Studies have shown that people have given away their passwords for small gifts, such as chocolate, which is a trick fraudsters also employ.
How To Protect Yourself
Always confirm requests through another channel that you know is legitimate. Fraudsters create a sense of urgency so that you won't have time to think about your response or check it out. There is typically a time-sensitive request that immediately needs you to take some type of action. For example, this could be a message from your "boss" that says if you don't wire funds to a client in the next hour, an important account will be lost.
Watch out for "fun" requests for information. Criminals have gotten savvier and have created ways to make their information gathering seem like a fun activity. This sometimes takes the form of an online game or quiz that asks for information—the same kind of information can also be found on identity verification questions.
You may not think you would fall for this, but have you ever taken an online quiz that asked what your favorite sport is or where you vacationed at the turn of the new year? I'm guessing if you haven't taken one, you've at least seen them online.
Be cautious about the information you share online. Fraudsters can use the information you freely share to take over your identity or use it to aid them in convincing you that they are someone close to you. Post only information you are comfortable with the entire world having access to and be especially guarded about personal information. Additionally, update your privacy settings on social networks to restrict access only to people that you trust.
Do your research. If you are skeptical about a communication you receive, use your favorite search engine to search relevant terms. Depending on the situation, you could search for the company, product, or situation plus terms like "review," "scam" or "complaint" to see what others are saying. For instance, if you receive a call from the IRS, you could use the search term "IRS scam" or "IRS scam" with the phone number you received the call from to see if a scam has been reported.
Leverage technology to regularly monitor your bank accounts. Set payment thresholds and low balance notifications, so that you are aware of sudden changes or unexpected charges to your accounts. If you bank at more than one institution, you can use a banking information consolidator, such as Mint, to monitor all transactions in a single place.
Use a different password for each account and enable multi-factor authentication where available. Utilize a random password generator and a password manager to increase the difficulty fraudsters have in gaining access to your various accounts. Many accounts now offer the ability to set up multiple steps in authenticating that the person logging in is who they say they are. Enable this capability so that additional measures are taken. These methods could include things like providing a PIN, a number distributed via text message or a biometric identifier.
Sign up for free Federal Trade Commission (FTC) scam alerts. The FTC tracks new prevalent scams that you should be aware of. Receive alerts about the most recent scams to watch out for so that you can keep yourself and loved ones safe.
What To Do If You've Been a Victim of a Scam
Don't panic. It can be extremely distressing to be a victim of a scam. Try to remain calm. Take steps to stop the fraudster in their tracks and find out if any remediation is available.
Report the scam immediately. People sometimes feel hesitant to report a scam because they feel embarrassed about being taken advantage of, but the sooner the scam is reported, the sooner steps can be taken to reduce the damage and stop it from happening to other people. Gather any relevant documents which could include emails, receipts, and phone numbers that will help you file a report. Report the scam to your bank and relevant government authorities. If you are in the US, use this resource to identify where you should report the scam. Otherwise, search online to find the best resources for your location.
Monitor your credit report and consider freezing your credit. Check your credit report for any unfamiliar activity. Freezing your credit blocks access to your credit reports, which are required by lenders and credit card issuers in turn stopping a scam artist from opening an account or getting credit in your name.
Use the help offered by breached organizations. Often organizations that have encountered a data breach, will provide free resources. This can include access to enhanced real-time credit reporting for a year so that you can see if accounts are being opened in your name sooner. Find out from the company that lost your information what they can do to protect you.
What other scams have you encountered or heard about? Let me know on Twitter @LizFightsFraud. In the meanwhile, stay safe!