Scams to watch out for during COVID-19 including fake stimulus checks
During this time of health and economic uncertainty, one thing is certain: scams are alive and well. Some are more sophisticated than others so even if you don’t think you would fall prey to them, keep an eye out for your neighbors and let them know of these scams so that no one ends up having their personal information compromised, losing their stimulus check or even their life savings.
Below is a Q&A with Mike Loy, a Senior Strategist and Cyber Analyst of the Department of Homeland Security, who has kindly taken time out of his busy schedule to go over the top scams that are circulating right now in our community and across the nation during COVID-19.
You will want to take a minute and read over the following Q&A and look at the images below because you might receive one or more of these through several electronic venues to include email, text messaging or phone call during the COVID-19 pandemic.
1. Can you tell us about the text message scam that directs people to COVID-19 testing locations or telling people someone they may have been in contact with has COVID-19?
M. Loy: While there are many different scams that are currently being investigated and followed by Federal, State and Local Cyber Security professionals, one of the most recent scams is one that has used text messaging as its delivery platform.
As noted in the pictures provided (above/below), you can see that the draw to this scam, is to provide you with information about COVID-19 symptoms and where to get tested.
The other picture (above) uses fear and uncertainty to have you click a nefarious link because they lead you to believe that you have been exposed to someone that recently has been positively diagnosed.
What is important to point out here is that legitimate information of this importance is not going to randomly appear on your text messaging platform, even if you can justify that it may be from your local hospital or physician as simple information. As a reminder, anything that may be linked to HIPAA laws would never be forwarded to you in this manner.
Every effort would be made to make personal contact to advise you of potential exposure to COVID-19 and its severity. Additionally, you control access to your text messaging for 99.9% of all texts. Your phone carrier does have the ability to push info to you in this manner, but in that case, its because you are allowing it. If you randomly receive something that looks wrong, out of place or fishy, I promise you, it is.
Lastly, clinking these links could take you to a myriad of places to include legitimate looking sites that will try to have you verify information about you and/or ask to provide information about yourself before they will release any data to you. Additionally they may ask for info to ‘schedule you’ for testing which is another manner of inadvertently providing PII, or Personable Identifiable Information, that can be used against you in the future.
I know it may be a simple click, but please, do not take the bait. Know that in doing so could have significant ramifications.
2. How do you know if it really is the government contacting you about the stimulus checks?
Many bad guys are trying to lure folks into providing info via phone and email solicitations. Like all others, they are all false. We get junk mail every day in our email accounts, no matter how hard some may work to avoid it. Clicking on an embedded link can and will bring a whole host of problems to include compromising your computer, passwords and email contact list, which in turn, could start the same process for someone else. For the most part, these emails are trying to get information on you to continue their attempt to gain access to more than just an email list.
NO ONE WILL CONTACT YOU VIA EMAIL OR PHONE TO GET YOUR BANK INFORMATION IN ORDER TO GET YOUR STIMULUS CHECK. NO! ONE! I would hope all would know by now NEVER to give PII over the phone to anyone you do not know or trust. By law, the only way the Federal government can begin conversation with you is through official documentation received via the US Postal Service.
The stimulus process is being completed through the Department of the Treasury. If you are to receive a stimulus check and have filed your taxes electronically (TurboTax, H&R Block, etc.) your check will be deposited to your bank of record.
If you submit your taxes through the mail, you will receive a federally issued check through the mail.
3. Are there fake stimulus checks being sent to people and how can people know if the check is real or not?
M. Loy: There currently are nefarious actors out there using FedEx, DHL and UPS to forward “stimulus checks” to your home pro-porting to be legitimate banks working with the federal government to get the stimulus checks out more quickly.
Check amounts have ranged from $700-$3400. Many of these look to be circulated out of so called banks in Ohio, Michigan, Indiana, etc. One particular is Huntington Bank of Ohio.
Keep in mind, Huntington Bank is a legitimate bank operating in Ohio. However, after calling the phone number attached to the check, it was a disconnected number. Representatives at the Consumer Financial Protection Bureau and state banking commissions noted that people will send these false checks in hopes of getting your account information when you deposit the check.
For them, $1000 is nothing if they have a chance of accessing your account and siphoning off more. A picture of a check is attached for awareness. REMEMBER: This stimulus is being provided by the federal government and therefore will either be direct deposited or mailed to you from the Department of Treasury. Stimulus checks will NOT be distributed by individual banks.
4. Should we be concerned about GoFundMe or TV fundraising?
M. Loy: There have been several online and TV events established to raise funds for multiple legitimate organizations looking to combat Covid-19 and/or medical/first responders, small businesses, truck drivers, etc. Along with these fundraisers have been the creation of QRC codes to make it easy to scan while watching on TV or to help with remembering a long web address. While some are linked to real efforts, please know that these codes can easily be manipulated to send you to a mirror site that is, of course, not associated with real fundraising. In any online effort, please just take the time to do your due diligence and/or just go directly to their site with a proven web address. This way, your generosity will be received by the right organization to help those that continue to help us during this difficult time.
5. It is tricky right now – banks are directly calling people about PPP loans for instance and it is hard to know if they are legitimate. Does the government ever call people or do they only email / snail mail? What would you recommend people do when they are not sure if the call is legit – is there something they should ask, do they call them back? And what info should they not give over the phone because it should never be asked for?
M. Loy: Every day, we are all subject to cold calls or solicitors looking to better your interest rate, extend your car warranty, contribute to this or that cause or fix your house. Just like those calls that come up “Anonymous” or “Out of Area”, these calls should be ignored and not answered.
While solicitors have gotten more brazen recently by using local area codes to call your home, the simple rule is, if you don’t recognize the number, don’t answer it. One of three things will happen: a message will be left; they’ll call back if it is legitimate; or you’ll never hear from them again.
As it pertains to a government entity trying to get a hold of you, none will ever do so via email or phone. They are required, by law, to reach out to you at your home of record by the US Postal Service. If at any time you answer a call that portends to be a government official asking for you to confirm information they may have about you or any other member of your family or friends, my simple answer is . . . hang up the phone!
Never, not once, ever, will a government entity call you for information on a cold call. Unless you absolutely know the individual on the other end of the phone or have already established a legitimate business connection with someone you can verify, providing any level of Personable Identifiable Information (PII) to a solicitor can only be harmful to you and potentially others in the end.
Bottom line, never provide any information willingly to a solicitor or cold caller, no matter who they say they represent. If you feel you need to follow up, ask for the name of the agency, a phone number and a point of contact.
Additionally, NEVER use the number they may give you. Do your own due diligence and gather information on line about the organization and their contact info. Using something that was provided by someone you can’t confirm is legitimate will only exacerbate the issue.
6. It seems like the scams are changing fast and it is hard to stay on top of them. Are there basic tactics that they all share? Maybe similar “call to actions”, that if we just don’t do, we can avoid falling prey?
M. Loy: In a recent study it was determined that more than 84% of online users have the same password for the majority of their accounts. While it makes it easy to remember when you are looking to order dinner from Papa Johns, participate in an event on Sign Up Genius, or check your bank account, it also makes it easy for the bad guys to hack into your virtual world.
While being able to do everything online is convenient in our 21st Century world, we all need to take necessary steps to stave off those that only want to do harm. The easiest way is to ensure that your passwords are different on the many platforms you may access. Most particularly are those that are financial in nature. In reality, no password should be the same. Avoid using dates or phrases that are directly linked to you and could be found on your Facebook, Instagram or Twitter accounts. Examples are kids birthdays, pet names, sports teams and other things that can be determined through everyday posts.
While inconvenient, changing passwords every 90-120 days on your most important websites (Bank, Online Credit Card payments, etc.) is really one of the best ways to avoid being hacked. In the end, all of these scams are in place to do one thing; prey on our vulnerabilities and find a way to gather your own information to be used against you. Remember, always err on the side of caution. If you don’t recognize it, delete it, hang up and do not respond.
So there you have it folks – some of the latest scams you may see coming thru your phone, in your email and in your mail box. Thank you to Mr. Loy for answering our questions. If you have comments below you are welcome to post them. Please share this post with family and friends so everyone can become aware of these scams. You can also visit the Federal Governments page on COVID-19 Scams.
We will circle back around with Mr. Loy during this pandemic and see what other new scams pop up and how to avoid them.
Author
