The coronavirus outbreak has brought about sudden changes in our routines. Work is one of the areas most affected, and cybercriminals are trying to take advantage of the confusion to trick other people into providing their personal information.
Protect yourself and your company from coronavirus-related scam attempts with the following guidelines and tips. Keep them always in mind and make sure that your employees do the same.
Remember These Red Flags
Fraudsters engage unsuspecting victims in phishing attempts. This illegal practice consists in sending messages, supposedly from reputable sources, with the intention of having the recipients reveal their personal or financial information.
Two types of phishing scams related to coronavirus have been identified. One has to do with general news about the virus while the other one purports to offer information regarding Economic Impact Payments, the stimulus rolled out by the IRS and the Treasury Department to help those impacted by the pandemic.
In the first case, the messages usually include the following red flags:
- The words Coronavirus or COVID-19 appear in the subject line as a lure
- The terms Coronavirus or COVID-19 appear as a lure to spread malware.
- New domain names containing words related to coronavirus or COVID-19
On the other hand, phishing attempts related to Economic Impact Payments present one or more of these characteristics:
- The term Economic Impact Payment does not appear in the message. Instead, the terms “Stimulus Check” or “Stimulus Payment” appear
- A fake check with an odd amount is mailed. Then you are ordered to call a number or verify information online to cash it
- They ask you to check your Economic Impact Payment to someone else.
- They ask you by phone, email or social media to verify your information in order to receive or speed up your payment.
How to Avoid Coronavirus-related Scams
Cyber criminals are becoming increasingly sophisticated. However, you can thwart coronavirus-related scams easily by following these rules.
- Don’t click on links in unsolicited emails: If you don’t know the sender of an email, or if you know them, but the message seems suspect, don’t click on any link in the message. Keep in mind that scammers are exploiting the popularity of some remote work programs by giving malware names such as “zoom-us-zoom_##########.exe” and “microsoft-teams_V#mu#D_##########.exe.”
- Don’t reveal personal/financial information: Never, under any circumstances, provide personal or financial information prompted by an unsolicited email. If the message appears to come from your bank, contact their listed number to make sure you’re dealing with an official communication.
- Information is Key: Cyber criminals take advantage of our thirst for news and our desire to know. So, don’t play their game. Get your news only from trusted and official sources. For global news, you can visit the World Health Organization’s website. For United States news, check the U.S. government’s official coronavirus site or the Centers for Disease Control and Prevention (CDC).
If you receive a suspicious email, phone call, text message or social media message, don’t engage the sender. If the message is related to taxes or Economic Impact Payments, report the message to the IRS (phishing@irs.gov) and the Treasury Inspector General for Tax Administration.