The coronavirus pandemic has given rise to a host of fraud schemes attempting to profit off the crisis. According to the Federal Trade Commission (FTC), consumer complaints for COVID-19 related scams topped 7,800 in early April, totaling $5 million, with an average loss of $598. U.K. victim losses are currently at just over $1 million.
These scams tend to fall into one of three categories. The first is your typical “snake oil salesman” type, where the fraudster is selling false promises in the form of goods or services. The second category revolves around computer-related scams that target networks and mobile phones in an attempt to gain access to sensitive data. The third category is social engineering scams that involve manipulating targets into divulging confidential information.
Though the list of scams is growing daily, we have collected some of the most common ones here. We’ll also detail proactive measures you can take to protect yourself, your friends and relatives, your employees, and your organization.
“Snake Oil Salesman” Scams
Fake COVID-19 Tests or Cures
Bad actors are taking advantage of the COVID-19 pandemic to sell fraudulent products with claims to prevent, treat, mitigate, detect, or cure the virus. These ‘solutions’ may be damaged, expired, counterfeit, or unsafe. Online retailers, including Walmart, eBay, and Etsy, have reported issues with such products being sold on their marketplaces. Amazon reports it has removed over 1 million products for false COVID-19 claims.
In March, televangelist Jim Bakker was served a cease and desist letter for products he was peddling on his show claiming to cure the virus. Six other organizations have received similar letters from the FTC.
The scam also takes the form of a ‘salesman’ going door-to-door performing fake tests for money or insurance information. Another devious version of this scam targets high risk individuals with diabetes, offering a COVID-19 testing kit along with a free diabetic monitor.
The Better Business Bureau’s Scam Tracker reports that phony cures are one of the top six scams of the pandemic.
One iteration of this scam involves soliciting donations for fake charities (or falsely soliciting donations for legitimate charities) claiming to help those in need, aid front line workers, or to develop a cure. One televangelist even claims to have healed people of coronavirus through the television screen and solicits contributions to support his efforts.
Fake Vendors of In-Demand Supplies
These scammers set up fraudulent websites (or list goods for sale through legitimate sites such as Amazon or Walmart) advertising in-demand medical supplies and tests. The scammers accept payments for goods, but never provide the products.
Fake Buyers of In-Demand Supplies
In this case, scammers order your business’ products and pay with an online service. They then cancel the payment after you have shipped the goods, but before the transaction clears.
Fake Investment Opportunities
Scammers will promote publicly traded stocks for companies they claim can help prevent, detect, or cure the virus. The sales they generate inflate the stock price, which then plummets when they sell their shares at a profit. To date, the SEC has halted trading on two such stocks over concerns of this “pumping and dumping” scheme.
Fake Disinfecting or Cleaning Services
In this scam, the fraudster will assert that your organization has been visited by someone infected with the virus and offers a thorough cleaning and disinfecting using CDC recommended protocols. The scammer will come in and put on a good show with masks and sprays, but the cleaning products are useless.
Another version includes robocalls offering HVAC duct cleaning to “protect” your home and family from the virus.
Fake Asset Sale Opportunities
The pandemic has had a major impact on local businesses, endangering the financial stability of some. Scammers are taking advantage of this by pretending to be a business in financial distress and selling assets at deep discounts to raise money for employee payroll. Of course, there are no assets delivered in exchange for the payments received.
Price Gouging on Products
The Attorneys General in most states are targeting anyone attempting to price gouge on medical supplies and other goods such as toilet paper. Amazon, Walmart, and other online retailers are also targeting third parties attempting to profit on these goods. Amazon reports removing more than 500,000 high priced products and has suspended over 2,500 sellers in response to complaints.
0% Interest Mortgage Loans
In mid-March, the Federal Reserve lowered the federal funds rate to near zero. Scammers have seen this as an opportunity to send out spam advertising 0% interest rate mortgages. Many borrowers don’t realize that mortgage rates aren’t directly correlated with the federal reserve rate; they are also influenced by the buying and selling of government securities, the size of the loan, the loan term, credit scores, and the size of one’s down payment.
Even if you receive an offer that appears to be from a legit bank, look for misspelled words, blurry images, or a strange web address to tell if it’s a hoax.
Fake Pandemic Information Sources
Scammers are sending emails and texts manipulated to appear as though they’re coming from the Centers for Disease Control (CDC), Food and Drug Administration (FDA), or the World Health Organization (WHO). Such messages may claim to have an updated list of cases in your area, advertise free masks from the Red Cross, or offer a list of recommended safety measures.
These scam messages come in many forms and offer different incentives to respond. In reality, they each contain malicious links that allow scammers to access your data for theft or ransom. One example targets Android phones, allowing the hacker to listen through your microphone, watch through your camera, and read your messages.
Fake Retail Discounts or Free Items
This scam involves false claims made online or in emails offering big discounts at local businesses. To obtain the discounts you must click on a link that, instead of being a great deal, is actually malware that gives the hacker access to your phone or system. One example offered read, “$110 goodies from Costco! That’s our stimulus package for our loyal customers.”
There are other examples of ‘Amazon’ giving away hand sanitizer and ‘Starbucks’ offering a $100 gift card as an apology for closing their stores. Be wary of ‘too good to be true’ offers.
System Hacks/Denial of Service Attacks/Ransomware
With IT staff spread thin attempting to service employees working from home, hackers are targeting networks in a variety of ways to steal data or hold it for ransom. They also see an opportunity to access networks through weakly secured employee connections. You can find our recommended best cybersecurity practices for working from home here.
Fake Workplace Policy Changes
Scammers have been sending out messages similar to this, “Due to the coronavirus outbreak, [company name] is actively taking safety precautions by instituting a Communicable Disease Management Policy.” If you click on the fake company policy, you’ll download malicious software. Check with your Human Resources department before clicking any suspicious links claiming to originate from them.
“I’m from IT…”
These scammers call pretending to be from your organization’s IT department and requesting remote access to your computer. Granting them permission gives them access to your network.
Zoom has become the most popular video-conferencing platform to use since the COVID-19 pandemic forced many people to work for home. Realizing this, hackers have found ways to infiltrate private meetings and “Zoom-bomb” them with profanity and pornography. More insidiously, a hacker may choose to lurk in the background and listen for sensitive information that can be exploited for personal gain.
Social Engineering Scams
Fake Insurance Coverage
This scam involves the caller claiming that COVID-19 isn’t covered by your insurance because it didn’t exist when your policy was issued. They may even claim that you have been identified as someone exposed to the virus. They will use this front as an attempt to get personal information from you or payment for “additional insurance coverage.”
“Help, I’m Quarantined and Need Cash”
This scam targets seniors with calls claiming to be from a grandchild stranded due to the COVID-19 quarantine. The scammer will request money for airfare, lodging, bus fare, etc. Oftentimes, information about the grandchild can be found by trolling social media sites, adding authenticity to the request.
Fake Treatment Demands for Payment
In this scam, the fraudster will call, email, or text claiming to be from a health care provider that has treated a friend or relative and is demanding payment for the treatment. Again, the scammer may consult social media for accurate, convincing information about your friends and family.
Fake Government Bailout Requests for Information
Several versions of scams involving government impersonators have been reported. In one scam, a caller will claim to be from the IRS needing to confirm personal information or requiring payment to release your stimulus check. Another involves sending letters to seniors with a warning their social security payments will be suspended due to virus-related closures, unless they take certain actions.
Fraudsters are also targeting businesses with similar scams. These typically involve asking for sensitive information as part of the application for the government bailout program, sending texts about government subsidies with malicious links, or requesting personal information about employees for the Paycheck Protection Program. You can find out what information is actually required for government aid in our CARES Act overview.
Unemployment Compensation Schemes
These schemes take many forms. In one iteration, the fraudster calls pretending to represent an employee from the state government needing additional information to process your unemployment claim. Their goal is to steal your bank information, benefits, or personal information. Other variations of this include an offer to help you obtain unemployment benefits, or a message that your benefits have been suspended and a phone call is necessary to reactivate them.
Taking advantage of the high unemployment rate, scammers are also contacting people with phony offers of employment. In order to secure the job, the scammer will ask for social security numbers and other personal information. They may also request a ‘processing fee’ for the application.
Student Loan Call Back Scheme
This scam involves a message asserting that, due to COVID-19, new measures will include waiving interest on your federal student loans until further notice. The message instructs the recipient to call a phone number for how this will impact them, with the hopes of then soliciting personal information.
Fake Cancellations or Refunds for Missed Vacations
This is the most common COVID-related scam reported to the FTC. Scammers call claiming your credit card will be charged for canceled travel unless you contact them. They then attempt to obtain banking information “to process the refund” or cancel travel plans.
School Lunch Scam
In this case, fraudsters send an email claiming that if you currently receive free school meals, you can ensure support continues by replying with your bank details.
“Do You Need A Bank Loan?”
Scammers send you a text saying banks are closing and to click a link if you need a loan. You would then be directed to respond with personal information. To date, the FTC reports $19,000 lost to this and similar smishing scams (frauds using SMS or text messages).
How to Protect Yourself and Your Organization from COVID-19 Scams
Follow these simple steps to protect yourself, your friends and relatives, your employees, and your organization from COVID-19 related scams:
- For any email or text requesting sensitive information (such as credit card, bank account, or social security numbers); requesting funds be sent by wire, Bitcoin, or check; requesting a change to direct deposit bank routing; or requesting changes in IT security settings – always confirm the request by calling the sender directly. This control is essential in a work-from-home environment.
- Require two-factor authentication to access work networks. (This means a second step, beyond just entering the password, is required to grant access.)
- Never click on links from unknown sources or in suspicious looking messages.
- For the latest information on the coronavirus, go directly to trusted sources such as WHO, CDC, local news stations, or state and local government websites.
- Educate your employees, friends, and relatives on these current scams.
- Shop with reputable online retailers, and make sure the site is secure. (If secure, the website URL will start with “https://”)
- Direct texts from unknown senders to a separate tab on your phone (a setting in your phone can accomplish this).
- When using Zoom, use meeting passwords and restrict screen sharing to just the host.
- Make sure you have strong IT controls over your system.
- Help others by reporting coronavirus scams to the State Attorney General’s Office.
- Check the legitimacy of charities through your state’s public charities division, guidestar.org, justgiving.com, or in Publication 78 on IRS.gov. Be wary of requests to wire funds, use bitcoin, or provide gift cards. Also, send money directly to a charity rather than in response to an email or text.
- Scammers prey on fear, and there is plenty of that in world now. If you are being pressured into something due to a sense of urgency, this should be a “red flag” to call a time out and think before acting. Scammers target people they can pressure into action. Verify the source of the information through another means.
- And finally, remember the old adage, if it sounds too good to be true, it probably is.
If you’d like further information on anything covered in this article, please contact a Clark Nuber professional.
© Clark Nuber PS, 2020. All Rights Reserved