The world has quickly changed over the past few weeks, but the one thing that hasn’t is the inclination of shady characters to exploit individuals and organizations with a variety of coronavirus scams. As well as what to look out for, we highlight some IT best practices to help you avoid being scammed.
Over the past few weeks, Source One Technology and our team of engineers have seen and heard about various scams over the usual channels – email, text messages, and phone calls.
While government, corporate IT, vendors, and service providers continue to build more robust and resilient cyberinfrastructure, it seems that scammers, hackers, and bad actors continue to try and find ways around — and sometimes through — various defenses to get to you.
The opportunities are ripe and plentiful for scammers to take advantage of – consider recent government legislation that extended tax filing deadlines, provides economic stimulus payments, offers enhanced unemployment compensation as well as deferred mortgage and other debt payments to U.S. citizens in need of short-term economic relief.
This Wisconsin manufacturer needed to modernize its IT infrastructure to support rapid business growth.
Discover what they didIn addition to these moves to help individuals and families through current and looming crises, the generosity of those continuing to donate money and time to various causes are also becoming targets for unscrupulous actors forming fly-by-night charities, spreading sensational headlines and constructing malicious clickbait to ultimately gain access to personal and business assets.
Here are a few potential targets and coronavirus scams we expect to see in the very near future:
Economic Impact (a/k/a Stimulus) Payments
We’re not going to get into the nitty-gritty details as far as eligibility and limits go (we’re IT guys, not financial advisors), but do know that if you qualify for a full or even partial payment, the IRS will calculate this based on past returns (2018 or 2019, whichever tax year you most recently filed) and will provide you funds either via:
- Direct deposit / ACH to your bank account on file
- Check via U.S. postal mail to your most recent address on file
In addition to economic impact payments, the IRS has also extended the 2019 tax filing deadline to July 15th, 2020. If you haven’t filed yet, consult with a tax advisor on whether you should file now or wait until later to maximize your benefit.
Alert
The IRS will not directly call you, email you, text you, tweet you, snap you, Facebook you, DM you, IM you, or really in any other way ask you to provide sensitive information or to claim a stimulus payment.
If someone purporting to be from the IRS contacts you in any manner other than U.S. mail, ignore them and contact the IRS yourself.
Unemployment compensation/benefits
Unfortunately, we’ve seen record-breaking unemployment numbers for the first time in history. Methods to apply for unemployment benefits can differ by state. Some state governments are still working with the federal government to streamline their processes and handle the volume of requests and applications coming in due to COVID-19 and the associated economic fallout.
To further complicate matters a bit, due to social distancing guidelines, local offices may be closed and otherwise directing applicants to apply for benefits online or consult with a claims specialist over the phone.
If you or someone you care needs more information, get in touch with your state’s Department of Labor & Workforce Development.
We’re based in Wisconsin, and the Wisconsin Department of Workforce Development details are here:
- dwd.wisconsin.gov/uiben/
- (414) 435-7069
- (844) 910-3661 (toll-free)
Alert
Do not click any links in or reply to any unsolicited emails offering unemployment assistance or even short-term gigs.
Money mule scams, while nothing new, have recently begun increasing in numbers and lately masquerade as health care operations offering lucrative payments and incentives to targets.
Mortgage forbearance and other deferred debt payments
Recently, many lenders and creditors have agreed to defer debt payments for various types of mortgages, loans, credit cards, and other types of debt for those facing economic hardship.
Rules, caveats, and eligibility vary widely here, so we recommend you contact your bank or credit union’s customer service department either through the secure messaging feature in your online banking website/app or via a phone number on your statement.
While some banks and credit unions do occasionally reach out to current customers by phone for marketing or other non-transactional purposes, they will not initiate phone calls specific to your account.
Alert
If someone claiming to be from your bank calls you regarding your account, hang up and call the number displayed on your bank statement.
Charitable organizations and donations
Many well-established charitable organizations continue to serve their missions and do their part during the COVID-19 pandemic to provide relief to those that need it most. New charitable organizations are cropping up as well, so it’s important to do your research to ensure your donation is, in fact, going to a cause you care about.
Again, we’re IT guys and not financial advisors, so check with your financial advisor, tax advisor, or certified public accountant on the impact to your specific situation. Afterward, we recommend checking the reputation of the charitable organization you’re interested in by using a service such as Give.org, an affiliate of the Better Business Bureau.
In addition, you can perform a Tax-Exempt Organization Search at the IRS to ensure the organization does have tax-exempt status and is in good standing (or is at the very least registered).
Alert
Be wary of robocallers and telemarketers collecting on behalf of “such and such” – oftentimes, less than 10% of your donation ever makes it to the cause they claim to represent – if it makes it at all.
General tips to avoid Coronavirus scams
Finally, here is a summarized list of general tips to follow to avoid being scammed or hacked:
Passwords
Use different, hard-to-guess, and unique passwords for each of your accounts. Enable two-factor or multi-factor authentication on all your accounts whenever possible, including your Facebook and Google accounts.
Use a reputable encrypted password manager to save and store your passwords. We generally recommend KeePass, 1Password, or LastPass.
Visiting secure sites
Ensure any website you log in to or submit information to uses HTTPS and a valid SSL certificate. Further, check carefully to make sure the URL is legitimate and isn’t fake, spoofed, or otherwise malformed – Phishlabs found 79% of phishing websites in 2019 were encrypted using HTTPS (bad guys spend money on certificates, too!).
Web filters
Corporate web filters will usually prevent you from accessing a malicious link or warn you about a brand-new domain a scammer may have just registered. However, this may not always be the case, especially when working from home. If you’re unfamiliar with a website and have a sneaking suspicion something isn’t right, we recommend performing a quick check against Fortinet’s FortiGuard web filter service. If your business doesn’t offer this already, have your IT Manager contact us.
Protecting your operating systems
Ensure you are using a commercially supported operating system, such as Windows 10 (in case you missed the memo back in January, Windows 7 is no longer supported and is highly vulnerable!). Other options are Google Chromebooks with Chrome O.S. and Apple devices with macOS High Sierra (10.13) or newer. Whether you use Windows, Chrome, or macOS, keep it up-to-date!
Although Windows 10 with built-in Windows Security is great, we recommend upping the ante with more comprehensive antimalware solutions with additional web and email security such as Sophos Home or Sophos Home Commercial Edition. AVG and Avast are great options, as well.
Opening attachments
As always, be extremely vigilant when it comes to saving and opening email attachments or downloading files, even if it appears to come from a source you know and trust. Consider using Windows Sandbox (available in recent versions of Windows 10 Pro) or Sophos Sandboxie.
Gift cards
Don’t buy iTunes gift cards and give the PINs to someone via email or over the phone, no matter the reason. They probably use Spotify, anyway. (But seriously, don’t respond to any gift card or pre-paid debit card request!)
While this isn’t an end-all, be-all comprehensive list, it is a starting point for you and those you care about to consider as we move through unprecedented times in early 2020. Take care of yourself, stay healthy, remain vigilant, and as always, give us a shout if we can help you or your business navigate the IT challenges ahead.