During a disaster or crisis, people tend to let their guard down on normal routines because they are busy worrying about how to keep their doors open. Unfortunately, this is a perfect storm for fraudsters. Within a month of the outbreak in China, scams relating to COVID-19 began surfacing.
We do not want to add to your worries or cause undue stress, but we would like to make you aware of some recent scams relating to COVID-19, as reported by the Federal Trade Commission (FTC) and the Association of Certified Fraud Examiners (ACFE), and provide you with helpful tips to reduce your chance of becoming a victim.
Q: What are some of the recent scams reported involving COVID-19?
A: The list continues to grow daily. A few examples include:
- Public Health Scams: Emails from entities posing as the Centers for Disease Control and Prevention (CDC) or World Health Organization (WHO). Unsolicited emails, texts, or phone calls that use language meant to elicit fear and urgency and require you to click on a link, download a file, log in to your email account or provide your Social Security number.
- CEO Scam: An employee receives an email or text purporting to be from a higher-up in their company (the hacker spoofs the email address or phone number) with an urgent request to wire money or purchase gift cards, stating that the sender is currently unavailable to discuss by phone.
- IT Scam: An employee receives an email purporting to be from their IT department directing the employee to download software or change their password.
- Government Check Scam: Phone calls, emails or texts purporting to be from the government regarding your check from the stimulus package.
- Robocall Scam: Calls claiming to have at-home test kits available, reporting a problem with your SSN, offering to lower your debt or forgive student debt, offering tech support, etc.
- Data Scams: With more people working remotely, hackers are hoping companies will drop their online defenses, making it easier to infiltrate data-rich networks.
- Investment Fraud Schemes: Companies claiming to be working on finding a cure.
- Charity or Crowdfunding Fraud: Requests for cash, wire transfers or gift cards related to COVID-19.
- Product Fraud: High-demand products offered by third-party sellers on legitimate websites (e.g., Amazon, Walmart, eBay).
Q: Do you have any recommendations or tips to avoid Coronavirus scams?
A: Below are some tips to help avoid the above scams:
- Do not click on links or download files from unknown sources. In a separate browser window, go directly to the website (e.g., https://www.cdc.gov). Do not copy and paste the link, as this could still direct you to a fraudulent website. If possible, use a search engine to find the website. If you recognize the sender, hover over the sender name to reveal the email address and verify it is accurate. Note that hackers can be clever, using letters that look similar so that at a quick glance you do not notice the difference. Example: apple.com vs. appie.com. Additionally, you can hover over the link to see where it is directing you. Be careful with the email address as well. Hackers can spoof an email address so that the receiver believes the message is coming from the address it should be coming from. It never hurts to ask the sender to verify they sent the intended message. A short telephone conversation can confirm whether it is a legitimate email.
- If you receive a message from a business associate requesting a wire transfer, do not reply to the email. Use your mouse to hover over the sender name to reveal the email address. Pick up the phone and call the person directly to verify. If you are uncomfortable with calling them, create a new email to the individual and ask them to verify. But remember, a little discomfort and a short awkward call is better than falling victim to a fraudster.
- Verify any messages claiming to be from your IT department.
- Hang up on unsolicited phone calls claiming to be the government and requiring you to provide your SSN or your bank account information for direct deposit, etc.
- Hang up on robocalls. Do not press any numbers, as this could lead to an increase in robocalls.
- On telephone calls, when they ask your name, never respond with ‘yes’ or other affirmative words. Instead, use the phrase ‘speaking’. The fraudster could be recording your voice and will use it to access your account.
- Continue to maintain strong internal controls; require multi-factor authentication; ensure remote access servers are effectively secured and fully patched; and ensure employees working remotely are using a secure network and are logged on to the company’s VPN, etc.
- When at all possible, do not log into your company VPN using a public WiFi system. There could be wireless sniffers that will capture your user ID and email.
- The SEC warns individuals to be cautious of claims that a company’s products or services can help stop the coronavirus, especially claims that involve microcap stocks.
- There is nothing wrong with donating during a time of need. However, do some due diligence by first fact-checking the charity (e.g., with Charity Navigator). When donating, use a credit card. If they require cash, wire transfers or bitcoin, those are red flags for scammers.
- Do not buy high-demand items (e.g., masks) from third-party sellers on legitimate websites such as Amazon, Walmart or eBay. The product may be counterfeit, non-existent or price gouged. Do not buy any kits claiming to be a vaccine for COVID-19; it does not exist.
Q: Are there any other potential fraud schemes to be aware of during this time?
A: Unfortunately, with many individuals being laid off, having their hours cut or being unable to work remotely, occupational fraud may become a concern. A common model used to explain why individuals commit fraud is the fraud triangle, which consists of three points: opportunity, pressure and rationalization. During times of economic crisis, normally trustworthy individuals with access to company funds (opportunity) may be experiencing dire financial needs (pressure), which may cause them to “borrow” (rationalize) money from their employer. It is important not to abandon or loosen internal controls. Someone besides your bookkeeper or CFO should review online banking activity for any unusual wire transfers or payments, especially for amounts below company thresholds. We recommend using a dual control principle, if possible, when making wire transfers or payments: one person has the ability to approve, and the other person only has the ability to perform the transaction. Also, make sure there is an audit trail and that it is reviewed by a third person.
In summary, below are some of the ACFE recommendations:
- Do not abandon anti-fraud controls.
- Review organizational payments.
- Pay with credit cards, which have more protection than debit cards. Do not pay in cryptocurrency (Bitcoin) if asked.
- Freeze your credit.
- Verify any change in payment instructions.
- Check trusted sources of information regularly and ignore unsolicited emails.
- Don’t click on links or download files from emails or SMS messages.
- Double-check URLs and email addresses in fundraising requests.
- If donating to a crowdfunding effort, try to verify the legitimacy.
- If possible, verify requests via phone calls to known numbers. Do not call the number listed in the email, as it may be spoofed.
Please reach out if you would like to discuss this further or if we can assist with any of your questions during these uncertain times.