Disasters have a tendency to bring out the best and worst in people. Sadly, serial fraudsters view events such as the COVID-19 pandemic as the perfect opportunity to strike. They are keenly aware that potential victims and typical watchdogs are likely distracted, stressed and overwhelmed. Unfortunately, fraudsters are well experienced in using fear and panic to their advantage.
To protect yourself, your employees, and your customers during these difficult times, be aware of the following scams which, unfortunately, are currently on the rise.
In Phising/SMiShing schemes, fraudsters use emails and text messages that induce a victim to reveal sensitive personal information such as financial data, email credentials, passwords, etc.
A tried and true method used by would-be fraudsters is to make messages appear to be from legitimate sources. During the COVID-19 pandemic, beware of messages that appear to originate from the Centers for Disease Control, World Health Organization or local health department. Fraudulent messages will exploit a victim’s fear and/or desire for information by including links stating “For the safety measures you need to know, click here,” “Clicking here could save your life,” or “Click here to read the latest on COVID-19.” Others pose as shipping companies and send seemingly inconspicuous messages such as “Click here to update your delivery preferences to protect yourself against COVID-19.”
These links may direct a victim to a legitimate looking site, where they are prompted to enter an email address and password. Should a victim enter the information, they may unwittingly provide a fraudster with full access to the victim’s email account, as well as any other accounts for which the victim uses the identical email and password combination.
Other Phishing/SMiShing scams in the age of COVID-19 offer “free” testing kids and services or related products, claiming the victim need “only pay shipping and handling.” Once the unassuming victim enters their credit card information, the fraudster may use the information for unauthorized purchases. The testing products either never arrive, or if they do, they do not work. In such cases, not only has the fraudster stolen the victim’s identity, but the victim may also have relied on the results of a bogus medical test.
In a COVID-19 blackmail scam, fraudsters prey upon business-owners’ fears that an outbreak at the business’s location could have disastrous effects on sales. The fraudster may contact the would-be victim claiming to be an individual who has contracted COVID-19 at the victim’s business. The fraudster then demands payment in exchange for their silence. The payments are to be sent to overseas accounts which are virtually untraceable.
Malware attacks use malicious software to damage devices, steal data and/or gain unauthorized access. Examples include ransomware, keyloggers and spyware.
Malicious links and attachments can trigger a download of malware onto your computer or device. In such attacks, again the fraudster preys on the victim’s desire for information during crisis.
One example of malware recently discovered uses a supposed “real-time Coronavirus map originally developed by Johns Hopkins” as its bait. A fraudulent “Coronavirus Tracker” app is also in circulation. Victims, intending to obtain useful information such as the real-time location of positive tests, click to open the attachments and unwittingly install malware programs on their devices. Such malware programs may be used by fraudsters to gain access to company networks—especially during a time when many employees are accessing their employers’ networks remotely—or may be used to appropriate email programs and passwords stored on the device. Other malware programs may lock a user out of the device, and demand a ransom payment to unlock the user’s data.
Combatting Remote Data Attacks
To combat Phishing/SMiShing, blackmail and malware attacks:
The team at GLEASON has numerous trained Certified Fraud Examiners and forensic accounting professionals who stand ready to help you manage the fraud risks that you and your organization face today and every day. We will get through this together.