From washing hands frequently to maintaining a safe “social distance,” we’ve all been learning important steps to protect ourselves from COVID-19, or coronavirus. It’s also critical to take steps to protect your information from hackers and scammers who are capitalizing on the pandemic.
The World Health Organization (WHO), the Federal Trade Commission, the Security Exchange Commission and the Better Business Bureau have all issued warnings about criminals who are trying to exploit fears to steal money and personal information.
Here are some of the most common coronavirus-related scams happening today — and steps you should take to avoid falling victim.
Fake government or health officials
Be aware that scammers are disguising themselves as legitimate government officials. Criminals will create official-looking websites or use professional kits to copy the logos and email format used by the Centers for Disease Control (CDC), the WHO or other respected organizations.
These scammers will encourage you to click a link to get the latest statistics or information to avoid personal danger. Once you click, you might download malicious software that allows a criminal to take control of your device and access your personal or financial information. Such attacks count on you being flooded with information and on the lookout for guidance during a confusing time. Other attacks involve ransomware, in which a scammer will encrypt your phone’s data and demand a Bitcoin ransom to access it.
Another online scam — which often uses the email subject line “get funds now” — directs people to a fake government website on the pretense of getting a COVID-19 tax refund. Again, scammers coax you to provide personal and tax information they can exploit.
Some scams have an obvious financial connection. A telephone caller will pretend to be an official from a hospital or clinic. The caller might tell you that a relative of yours suddenly became sick and that the hospital requires immediate payment to provide medical services.
Frequently, criminals will reach out to you in multiple ways, such as a text message followed by an email or an email coupled with a phone call. They know this makes their message seem more legitimate.
Exploiting your generosity
During a crisis, many people want to help others, and scammers take advantage of these laudable impulses. Often, they will do fake fundraising on the pretense of helping a specific victim of COVID-19 or a charity group claiming to serve victims.
Like the scammers who use legitimate government logos, these thieves take steps to make their call to action seem convincing. They’ll use stories and photos of actual people from fundraising platforms like GoFundMe.
Offering fake cures
Some scammers are preying on people’s fears by putting up websites that offer treatments that don’t currently exist or items that are in short supply: face masks, antibacterial cleaners, testing kits and natural or pharmaceutical cures. Often these items are offered at extremely low prices. Some people are tempted to click quickly, forgetting the old adage “A deal that looks too good to be true probably isn’t.”
Once again, these sites might infect your computer or steal your financial or personal information. Even worse, some scammers might endanger your health by sending substandard or dangerous products.
Fake sellers also infiltrate social media channels, groups or marketplaces to collect payments from unsuspecting individuals who don’t receive the goods they’re expecting.
Criminals will use social media to promote stocks they claim have a product or service to prevent or treat COVID-19. In addition to pushing “can’t lose” investments, misinformation can be used by unethical bloggers or news sites to drive up their page views.
How to protect yourself
Here’s a checklist of actions to help avoid coronavirus scams:
- Secure your Internet connection. If you’re working remotely, ensure that your home Wi-Fi network is secured with a robust password and, when possible, avoid public networks.
- Use multi-factor authentication. This security process should be used for all of your personal email, banking and financial information and your Internet service provider. It requires two pieces of information to verify your identity, such as a password and a one-time code that’s texted or emailed to you.
- Protect your information. Don’t give out your personal or financial information, such as your Social Security number, date of birth and bank account number. A legitimate charity, for example, won’t ask for this kind of information.
- Be cautious of clicking. Never click on links in unsolicited emails or social media messages; they can release malware. A good practice is to ask yourself, “I didn’t ask for this, so why am I receiving it?” Fraudsters can create convincing fake websites; be wary and check the URL.
- Do your research. Don’t assume pleas for help on social media or crowdfunding sites such as GoFundMe are legitimate. You shouldn’t text a payment to a charity without confirming the phone number on the charity’s official website. Before you give, see how watchdogs, like your state’s charity regulator, rate the organization. If you’re considering buying medical supplies online, check online reviews to ensure that you’re dealing with a legitimate company.
- Don’t be pressured. A legitimate charity will welcome a donation whenever you want to make it. A government official won’t call and demand you pay a bill on the spot. Be wary if you receive a phone call, a text or an email from someone you don’t know demanding you act at once. If a caller asks for payment in a cryptocurrency, such as Bitcoin, or other unusual payment methods, such as gift cards, they’re not legitimate.
- Avoid unusual forms of payments. Scammers often ask for payments in cash, wire transfer cryptocurrency or gift cards because they’re difficult to trace. Credit cards and checks are safer. Be wary if you’re asked to make a payment to a bank account that’s located in a different country than the company.
- Listen to your gut. Be on guard for a “thank you” for a charity donation you don’t recall — scammers try to make you feel you already have a connection to them to lower your resistance to make another “donation.” If something feels wrong, don’t be afraid to validate the information with other reputable sources.
- Keep close track. Keep records of your donations and regularly review your credit card account to make sure you weren’t charged more than you agreed to give or unknowingly signed up for a recurring donation. Set up alerts that tell you if there’s been any action on your accounts or transactions. Monitor and review your accounts daily and notify your bank immediately if something looks wrong or you believe you’ve fallen victim to a scam.
- Stay informed. Only use trusted sources — like verified news sites and official governmental organizations — to receive up-to-date information about COVID-19. The CDC and WHO are two trusted sources of information.
During times of uncertainty, scammers try to prey upon fear and frenzy. If you remain calm, collected and sensible, you can ward off their attempts to take advantage of the situation.
Share this information with family and friends to help prevent them from falling victim to scams as well. If more people are aware of these tactics in advance, fraudsters lose the advantage of surprise.
For First Republic’s resources on what to do if you’ve been the victim of fraud or attempted fraud, click here.