As noted in our prior alert, the current situation caused by COVID-19 presents many opportunities for cyber criminals and others to exploit not only the added technological strains and vulnerabilities that come with more people working remotely, but also to exploit the fear, uncertainty, and conflicting information coming out from various sources. Sadly, there’ve already been numerous reports of a variety of different scams associated with COVID-19, including through email, texts, and phone calls. As such, it’s critically important to take extra precautions when dealing with any unexpected or unsolicited communications.
The FBI has issued a number of warnings about these scams, and both the Department of Justice and the FBI have helpful webpages specifically related to COVID-19 issues and addressing a number of these scams.
Among other scams, the FBI has highlighted a prevalent scam involving fake emails claiming to be from the Centers for Disease Control and Prevention (CDC) or other organizations claiming to offer information on COVID-19. The FBI warns users to not to click on these links or open attachments in these emails or in any other emails from senders you do not recognize, which can deliver malware to your computer. The FBI also warns people to be wary of websites and apps claiming to track COVID-19 cases worldwide.
There’s also been a proliferation of phishing emails, which direct a user to verify personal information or provide access credentials (usernames and passwords) for a seemingly credible reason. One notable phishing scam involves an email requesting information in order for the individual to receive an economic stimulus check from the government. As the FBI noted, government agencies will not send unsolicited emails seeking your private information to send you money.
Other specific COVID-19-related phishing emails may also claim to be related to charitable contributions, general financial relief, airline carrier refunds, fake cures and vaccines, and fake testing kits.
As noted above, criminals are also conducting scams through texts. As with emails, these scams claim to relate to various forms of financial relief (including in relation to data usage and cell phone bills), charitable causes, health insurance, and virus tracking apps. Again, unsolicited and unrecognized text messages should be deleted, and individuals shouldn’t respond to or click on any links included in the texts. Like computer scams, these scams can result in malware being installed on your smartphone, allowing criminals to gain access to account information, login information, and other personal data.
Phone scams have also been reported, with calls from individuals claiming to be from government agencies, insurance companies, and other businesses offering information or various forms of relief and requesting sensitive data from the recipient to process some type of benefit. As with emails and texts, you shouldn’t provide sensitive information to individuals on unsolicited calls.
It’s always important to follow best practices to protect your personal information, but now, as opportunistic criminals look to exploit the extraordinarily difficult and unprecedented circumstances we are facing, it’s even more important to be extra careful. Follow these steps recommended by the FBI to avoid falling victim to these scams:
- Don’t open attachments or click links within emails or texts from senders you don’t recognize.
- Don’t provide your username, password, date of birth, social security number, financial data, or other personal information in response to an email, text, or robocall.
- Always verify the web address of legitimate websites and manually type them into your browser. In other words, if you get an email or text claiming to be from Amazon because something is wrong with your account, don’t click on the link in the email. Instead, log in to your Amazon account separately to determine if there are, in fact, any issues with the account. Similarly with respect to phone calls, if, for example, you get a call claiming to be from your health insurance carrier offering some benefit, don’t provide information on the call. Instead, hang up and call the known official number of the carrier to see if the information being represented in the unsolicited phone call is legitimate. Again, any unsolicited communication claiming to provide any sort of unrequested benefit should be viewed with the upmost skepticism.
- Check for misspellings or wrong domains within a link. For example, an address that should end in a “.gov” ending in “.com" or an address that uses “.com” ending in “.net.” Criminals may also slightly misspell the website name altogether. For example, instead of the legitimate Amazon.com, a criminal could use Amazonn.com or Amanoz.com—adding an extra letter or switching letters is a common way that criminals trick people because they look close enough that most people don’t notice the error at first glance.
If you believe you’ve been targeted by a scam or if you were a victim of a scam—particularly one related to COVID-19, the FBI website contains a portal for reporting these scams.
If you need assistance because your own or your company’s information may have been compromised as a result of one of these scams, the attorneys on our Cybersecurity Team are available to help.
If you have any questions regarding the content of this alert, please contact Nick DiCesare, Cybersecurity Team Leader, at ndicesare@barclaydamon.com or another member of the firm’s Cybersecurity Team.
We have a specific team of Barclay Damon attorneys who are actively working on assessing regulatory, legislative, and other governmental updates related to COVID-19 and who are prepared to assist clients. You can reach our COVID-19 Response Team at COVID-19ResponseTeam@barclaydamon.com.