COVID-19 Scams

While much of the country is preparing to slowly reopen, coronavirus-related scams are showing no signs of subsiding.

Malware Disguised as Excel Spreadsheets

Microsoft recently disclosed details on several massive COVID-19 themed phishing campaigns hackers are using to gain remote access to your PC and steal confidential information. Some of the fraudulent emails offer personal coronavirus testing or similar services, while many claim to be from Johns Hopkins University and have Excel documents attached with titles like “WHO COVID-19 SITUATION REPORT”, which claim to have statistics about the number of coronavirus deaths in the United States. If you open the Excel attachment and click on 'Enable Content', malware will download that allows cybercriminals to take over your computer.

For more information on this scam, visit lifehacker.com.

COVID-19 scams targeting college students

Even though most college students are no longer on campus, scammers haven’t given up on trying to steal their personal information.

Phishing emails claiming to be from the “Financial Department” of universities are arriving in many student inboxes. The emails instruct recipients to click on a link that needs to be opened through a portal requiring a university login to get a message about their COVID-19 economic stimulus check. By clicking “log in,” they may be giving their user name, password or other confidential information to fraudsters, and potentially downloading malware onto their computer.

For more information on this scam, visit the FTC website.

How to spot and avoid phishing scams

• Don’t open attachments or click on hyperlinks in ANY unexpected email – even if it looks like it’s from someone you know. Their email address book could have been compromised! The same goes for companies you do business with (Amazon, Netflix, etc.), as email addresses and company logos are easily spoofed.

• As always, don’t open suspicious emails – it’s a smart practice in general, but especially if they claim to be from Johns Hopkins University or a COVID-19 testing facility. If you do open an email from an unrecognized address, again, don’t click on links, open attachments or download any files.

• Keep your anti-virus software, applications and operating systems up to date.

• Take a closer look. While some phishing emails look legitimate, bad grammar and spelling can be a tip-off to phishing. 

• Remember, think before you click!

Report phishing to the FTC at ftccomplaintassistant.gov.

Unemployment insurance programs are being targeted by fraudsters, who are using personal information obtained from earlier data breaches to steal an individual’s identity and illegally receive the financial benefits. If you receive a letter from the Commonwealth of MA (or your state of residence) confirming enrollment in the unemployment insurance program but did not enroll in unemployment insurance, DO NOT IGNORE this. It is an indication that you are a victim of identity theft.  

For more information regarding this particular scam, visit https://www.mass.gov/info-details/report-unemployment-benefits-fraud.

For further guidance regarding identity theft in general, you can review the Federal Trade Commission (FTC) Identity Theft Recovery plan at https://www.identitytheft.gov.

If you believe that a fraudulent unemployment claim has been opened in your name, we advise the following:

• Notify the MA Department of Unemployment Assistance (DUA): 

  1. by phone:  877-626-6800

  2. online:  https://www.mass.gov/forms/unemployment-fraud-reporting-form

• Contact all financial institutions with which you have a relationship, notify them you are a victim of identity theft and follow the steps they recommend; ask if your contact information has recently been changed (i.e. mailing address, email address, phone number)

• Place security freezes and request your credit report from each of the 3 credit reporting agencies (Equifax, Experian, Transunion)

• Contact the deposit account credit agencies (ChexSystems and Early Warning) to place a freeze on your report and determine if a bank account has been fraudulently opened in your name

• Contact your post office to confirm no changes of address have been filed

• Contact the Social Security Administration to report a compromised SSN

• File a report with your local police and with the FBI at https://www.ic3.gov  
   

Contact Tracing

The Commonwealth of Massachusetts has created a program to reach out to contacts of confirmed positive COVID-19 patients in a coordinated effort to help reduce the spread of the disease.  Of course, with every legitimate program there are sure to be scammers who are trying to use it as a chance to bait you into being defrauded.  Below are some simple guidelines and tips of how to protect yourself:

• Tracers will not ask you for money or information like your Social Security, bank account or credit card number. Anyone who does is a scammer.  

• Do not click on any hyperlinks texted or emailed to you from a supposed Contact Tracer.  That is also a scam.  

For more information and guidance from the Federal Trade Commission, please click the link below.
www.consumer.ftc.gov/contact-tracing

Fake Products and Test Kits

Fake products are being advertised online, such as COVID-19 vaccinations or test kits. 

Hackers are sending emails, creating websites and developing phone apps related to the virus designed to trick people into clicking on malicious links disguised as helpful resources. These scams can contain malware that steal online banking credentials or credit card numbers.

Blackmail Email Scams

One trending scam to be aware of, which has been on the rise recently, involves blackmail emails. The subject line of these emails contain passwords that the recipient has used in the past, which alarms the recipient. The sender typically includes a warning that the hacker has had access to the recipient’s computer and/or phone, including the video camera where they were able to record the person’s activities and/or recent website visits. They threaten to distribute the video to friends, family members and co-workers unless they receive monetary compensation. If you or one of your customers receive a blackmail email, STOP! Don’t provide any compensation and immediately delete the message.

If you receive one of these emails, it could mean that your email was exposed in a data breach and it is time to update your password(s). Please note that your password may have been one that you have already changed, but make it a practice to change all your passwords regularly, and immediately after receiving an email of this nature.

Many Americans are now working and schooling from home. There are significant challenges that can lead to digital vulnerabilities when setting up and adjusting to a work from home environment. This link to the Federal Trade Commission (FTC) will provide some tips for protecting your devices and personal information.

Link to Tips from the Federal Trade Commission

Many people are out of work during this pandemic, and looking for ways to earn some money.  Fraudsters are taking advantage.  You will never be required to pay money to a legitimate employer to secure a job, or provide your bank account information.  

A new job scam trending is ‘car wrapping’ – a company asks you to put their logo on your car to advertise their company, and they will pay you.  But the check they send is fake, and when it’s returned to you bank - you will be out the money if you spent it!  Here is more information on job scams from the FTC: 

Link to Job Scams

By now many people have received the Economic Impact Payment (EIP) authorized by the Coronavirus Aid, Relief, and Economic Security Act (CARES Act). If the IRS does not have your bank information for direct deposit, they will mail your payment to the address they have on file for you. In this case, your payment is made either by check or prepaid debit card. For more details on the prepaid debit card and what to look for, please visit https://www.eipcard.com.

For more information on the status of EIP, please visit the IRS website.

As always, programs like this attract scam artists and fraudsters.

• Please remember that the federal government will not call to ask for your Social Security number, bank account information or credit card number. Anyone who does is a scammer. 

• If you receive a call, text or email from anyone stating they can help expedite your stimulus check – that’s a scam! The government will not ask you to pay anything up front to get this money. No fees. No charges. Nothing.

• If someone calls stating you need to complete the U.S. Census before you are eligible for your stimulus – that is also a scam!

For more information, please visit the Federal Trade Commission website.

Learn more about Economic Impact Payments

Click here for more information on The CARES Act scams 

A fraudulent website, claimed to provide an updated virus map just like the one at Johns Hopkins, was created and circulated. The map had embedded a type of spyware that steals usernames, passwords, and credit card numbers stored in the user’s browser. This is an example of copycat sites to beware of.

Bogus charities are being created requesting donations – via website, email or phone to supposedly assist areas heavily impacted by the virus.

Consumers place a significant amount of trust in the Federal Deposit Insurance Corporation (FDIC). Scammers are using the FDIC name and logo to take advantage of this trust and capture personal identifiable information through a variety of communication channels including emails, phone calls, letters, text messages, faxes, and social media.  Click here to learn more about these scams and how you can protect yourself from imposters - 

Link to FDIC