The best of times for fraudsters usually means the worst of times for the rest of us, and the outbreak of the Coronavirus is no exception.
Events that grab attention around the world or cause significant disruption to normal routines have always been ripe for opportunists. The current global pandemic, which has claimed tens of thousands of lives and upended entire economies, fits well inside the cybercrook playbook.
“Scammers are taking advantage of fears surrounding the Coronavirus,” the Federal Trade Commission wrote on its website in late March. A few weeks earlier, the European Central Bank issued a similar warning, telling banks to prepare for a possible spike in cyberattacks as a result of the outbreak.
With that in mind, here is a quick look at what enterprises and consumers alike might need to watch for as we navigate these uncertain times.
Consumers are at risk. Businesses are, too
We’re all anxious and distracted, and many of us have been forced to adopt new routines that can make us uncomfortable. Our financial transactions are unusual, too – orders are cancelled or rushed, business deals fall through unexpectedly. Fraudsters thrive in this kind of environment.
“An emergency request that would have raised eyebrows in the past might not set off the same alarms now. Compounding the problem is that teleworking employees can’t walk down the hall to investigate a questionable directive,” the Federal Trade Commission wrote, describing coronavirus scams targeting businesses. One such scheme is spoofing a CEO’s email address or phone number directing an employee to transfer funds in some fashion.
Another tactic enterprises should watch out for, the FTC says: messages purporting to be from a member of the IT staff requesting a password or directing the recipient to click on a link or download software. In addition, as more people work from home, fraudsters are trying to penetrate your network access security.
What are some examples of Coronavirus-related fraud?
The Electronic Frontier Foundation has documented numerous cases of staff members at hospitals in New York, the epicenter of the outbreak in the United States, receiving phishing emails claiming to be from medical suppliers or groups like the World Health Organization and the Centers for Disease Control and Prevention.
Even the Johns Hopkins University-produced interactive map tracking global infection rates and deaths has been used to launch malware, according to Krebs on Security.
The U.S. government’s $2 trillion Coronavirus relief package will attract fraudsters
There’s money in the mailbox. Not everyone will receive their relief check via direct deposit; the government will have to send some physical checks, giving fraudsters a new opportunity. Banks, credit unions and other financial institutions offering online accounts should be extra vigilant about new customers looking to open digital accounts, deposit stolen checks and then withdraw those funds as soon as they can. Now is the time to dial up your Know Your Customer processes.
What to tell your customers: The old rules still apply
The old advice is still the best advice: If it sounds too good to be true, then it probably is. No, there isn’t a cure yet, so don’t go clicking on that COVID-19 vaccine offer. Get a suspicious email? Check the sender’s address closely to confirm it matches the contact name. Don’t click a link or download files from unfamiliar sources. If you’re not sure about a message, ask a friend, family member or coworker for their opinion, or contact the sender directly using a different form of communication, like over the phone.
In addition, the Federal Trade Commission warns consumers about making online purchases from sellers who may falsely claim to have hand sanitizer, toilet paper, medical supplies and other in-demand items. It also cautions against making charitable donations in cash, by gift card or wire transfer.