With the recent spike in Covid-19 cases, it is important for organizations to watch out for scams created by fraudsters taking advantage of growing uncertainty. Many of these scams involve fraudsters claiming to come from trusted government or public health organizations, well known retailers, or even the targeted organization, itself. The following will discuss seven coronavirus scams that are “targeting your business,” according to the Federal Trade Commission (FTC; see their article here).
Public Health Scams and Government Check Scams occur when fraudsters obtain protected information under the guise of a public health or government official. Public health scammers have been known to send phony messages from the Centers for Disease Control and Prevention or World Health Organization requesting confidential information such as Social Security numbers and tax IDs. They have also sent phishing emails with instructions to click on an attachment that, in reality, installs malware on your network. Fraudsters behind government check scams contact organizations claiming to represent a government agency that will provide financial relief as long as the organization makes an up-front payment or provides certain protected information. The FTC reminds everyone to be weary of “unsolicited” or “out of the blue” messages and to not respond to or open attachments from such emails.
Supply Scams and Robocall Scams typically involve fraudsters operating under the guise of a well-known company. Organizations fall victim to supply scams when they purchase non-existent supplies from phony retailers. Since scammers create highly convincing phony websites, the FTC recommends typing in the URL to your trusted online retailer. They also recommend checking with “trusted industry colleagues” before buying from unfamiliar suppliers. The FTC warns of two types of robocall scams. Organizations may receive calls from phony tele-marketers trying to sell supplies that the pandemic has made essential. They may also receive robocalls claiming to come from Google to “ensure your Google listing is correctly displaying. Otherwise customers may not find you online during this time.” The FTC states, “Remind your staff that the only right response to an illegal robocall trying to sell something is to hang up.”
Business Email Scams and I.T. Scams are carried out in a way that makes it seem that the scammer is a trusted member of the targeted organization. In a business email scam, a fraudster sends an email claiming to be a higher-up and directs an employee to unknowingly make a fraudulent financial transaction. While business email scams are not new, the FTC warns that the economic upheaval caused by the pandemic may make an unusual financial transaction seem less questionable. Furthermore, the FTC acknowledges that it is more difficult for employees to verify the legitimacy of such directions when working remotely. I.T. Scams involve a fraudster pretending to be a member of an organization’s I.T. staff. The fraudster may email employees asking for their passwords or instructing them to download software. The FTC recommends warning employees of these potential scams and giving them a “central in-house contact where they can verify requests they may receive.”
Finally, the FTC warns of Data Scams in wake of the Coronavirus pandemic. Unlike the aforementioned scams, data scams do not involve fraudsters directly interacting with victim organizations. Instead, data scams occur when hackers take advantage of lapses in network security that may occur when employees transition between working in person and remotely and conducting business on work issued and personal devices. The FTC directs employers to its own resource, “Online security tips for working from home,” along with a number of resources created by the National Institute of Standards and Technology for more information.
We know that fraudsters are opportunistic and that they will continue to use the uncertainty brought on by the Coronavirus pandemic to their advantage. The best way to protect your organization is to keep employees at all levels informed about current scams and how to handle them. You can also protect your organization and others by reporting Coronavirus scams directly to the FTC and by encouraging your employees to speak-up directly to you or through your hotline (more on that here). Although we have been dealing with the pandemic for over a year-and-a-half, organizations must continue to remain vigilant against all risks brought on by this new normal.