The days of receiving an inheritance from a wealthy Nigerian prince are coming to a close. 2020 challenged the lives of everyone on our lovely planet, but for scammers, it was a year of opportunity.
Here are their most popular attempts to steal from those who simply hoped for this pandemic chaos to finally pass.
Psst. Below I talk a lot about phishing. It is the act of trying to breach through your defenses by using an email that masquerades as coming from a real organization.
1. New Approved Vaccines
Taking advantage of the global pharma race to produce a working vaccine against COVID-19, scammers have been caught sending phishing emails with a subject line like “URGENT INFORMATION LETTER: COVID-19 NEW APPROVED VACCINES.”
In these emails, the victims were directed to download a letter to learn where to get their vaccine. The attachment contained malware designed to steal sensitive information.
If you’ve received this email, please delete it immediately. Remember, opening any attachment downloads it onto your device.
2. Free COVID-19 testing
In a truly sick fraud scheme, fake medical labs were set up to provide COVID-19 testing. Targeting retirement communities, scammers drew blood from unsuspecting seniors, provided fake results, and billed their insurance company (or Medicare) for medically unnecessary services.
Ignore advertisements of COVID-19 testing on social media platforms. If you receive a suspicious call, hang up immediately. Advise your elderly neighbors or loved ones to be suspicious of any unexpected calls or visitors offering COVID-19 tests or supplies.
3. Pandemic Relief grant
While the unemployment rate skyrockets, people look to their government for help. Where our government takes a long time to act, scammers come to the “rescue” with a grant offered to those in need. Claiming to come from your local government agency, the bad guys have been caught sending a phishing email with a Dropbox link, which disguises their malicious attachment.
The email urges you to take immediate advantage of the grant before the money runs out. The expiration date is a ticking clock. But clicking the link will only get you to a fake login page. If you enter your password there, it will now belong to the bad guys.
Do not click links in emails you’re not expecting and don’t believe in grants you did not apply for on an official government page.
There is a business version of the same scam
The phishing link will come from an organization like the Small Business Administration (SBA), stating that your grant or loan application has been approved and you must click the link to receive your funds. The link will take you to an SBA lookalike website where you’ll enter your password and sensitive company data like tax ID and banking information.
There is also a social media version of this scam!
The bad guys create fake social media accounts and send private messages to unsuspecting victims about government grants, providing a handy phone number to collect the funds. The transaction requires a “processing fee” which might be only few dollars over the phone. Later, the victims find large sums of money taken from their accounts with no grant received.
4. Excel attack
The phishing email appears to come from the Coronavirus Research Center of John Hopkins University – a real organization. The attachment – an Excel spreadsheet – promises to include an updated list of Coronavirus deaths, but it carries a lot more than a fake list. Opening the spreadsheet and enabling the content downloads a remote access program onto your PC. This will give the bad guys complete control over your computer.
Don’t open attachments and never click Enable Content when you’re prompted for it unless you know exactly who sent it to you AND you were expecting a macro-enabled sheet.
5. contact tracing scam
Local health officials perform contact tracing to track exposure and prevent the spread of the pandemic. They might use phone and text messages to notify those who may have been exposed. Unfortunately, scammers have been caught impersonating contact tracers.
They might say you’ve come in contact with an infected person or accuse you of violating health and safety protocols. And they’ll give you a link to a fake website asking you to enter your social security number or insurance information. They might even offer you COVID-19 testing. In the end, you might end up with malware or stolen money.
Per FCC.gov, legitimate tracers will ask you for:
- Name,
- Address,
- Birthday.
Legitimate COVID-19 tracers will never ask you for:
– Social Security Number,
– Insurance information,
– Banking or credit card information,
– Require a processing fee.
Unfortunately, scammers feed on our emotions. The fear of contracting the virus. The hope for receiving help. They don’t discriminate against race, age or income. If anything, those most vulnerable get hit more often. We must remain vigilant and protect our loved ones.
Remember these tips to not become a victim of a phishing scam:
- Watch out for words that urge you to take action immediately. Scammers rely on your panic panic. They don’t want you to think long enough to spot their scheme.
- Don’t download (or open) email attachments you were not expecting.
- Don’t click links in emails you were not expecting.
- If the email appears to come from an organization you’re familiar with, visit that organization’s website directly – not through the link in the email. Look up their real website and phone number – don’t use the ones provided in the email.
- Remember, the email address and the link within could be spoofed. Even emails coming from people you know can be malicious.
- Be aware of disinformation campaigns which are spread throughout email and social media. They often contain exciting or alarming headlines designed to manipulate you into making impulsive decisions.
