While you take care to limit social interactions and wash your hands to prevent the spread of the coronavirus, you also need to take steps to protect your finances and identity. Scammers are now taking advantage of the COVID-19 pandemic to lure victims in with new phishing scams.
“We know consumers are managing their money and finances online, so it’s more important than ever to raise awareness of smart security practices,” says Vice President of Security at Navy Federal Credit Union, Chip Kohlweiler. “Being proactive and learning about your security is a great step toward keeping your accounts and information safe. There’s a good chance your bank or credit union has resources available for you to learn about how to identify scams, which is a great place to start.”
Phishing remains one of the top ways cyber criminals get access to your identification and financial information. Using phone calls, emails and even copycat websites, scammers are creating content that appears official and related to COVID-19 — tricking you into revealing personal information like bank account numbers, login IDs and passwords. At the same time, by clicking a link, you may also unknowingly download malware that infects your computer and captures your data.
“Just because caller ID shows your financial institution is calling, do not provide information such as one-time passcodes or PIN to the caller. Additionally, phony links in emails can be a major threat to your system. If you don’t know the sender, a general rule of thumb is don’t click any links in the email,” says Kohlweiler.
Here are a few tricks scammers are using in their phishing attempts:
Names of real companies
Phishers often use legitimate company names and copy the look of official websites and emails to fool you. Right now, they’re even sending out correspondence that looks like it’s from the World Health Organization, local governments or other trustworthy sources.
Be wary of unexpected emails from a “company employee” looking for information.
Threats and urgent messages
“Urgency is a big red flag. While you may have an urgent need, you should always validate it. If it’s in regards to one of your accounts, call the company associated with the account from a number on their official website, or on a recent paper statement, to confirm if urgent action is needed,” Kohlweiler advises.
Official-looking URLs
Sometimes the URL (web address) will look right, but instead of taking you to your intended website, it will lead you to a copycat website. Check to see if the URL begins with https://, which indicates a site is secure. Most phishing scams won’t have a secure website. Never click on a URL within an email; instead, type the official URL into your browser.
Wire transfer requests
In these scenarios, a scammer sends what appears to be a legitimate email requesting a wire transfer to cover title, escrow or any number of other costs. Unfortunately, money you transfer as a result of the fraudster’s email ends up in the fraudster’s bank account — and you’re not likely to get it back. If you receive such a request, call your financial institution to verify that it has made this request.
“Once you know what to look for, you can start to use some best practices to avoid these scams,” adds Kohlweiler.
1. Set up your accounts for success.
Using strong passwords (never the same for different sites), setting up transaction notifications and ensuring your contact information stays up to date with your financial institution are all easy ways to enhance your online security.
2. Call and verify.
Be sure not to use a number provided in a suspicious email or even in the Caller ID. Use numbers on your statements or policies or from the official website.
3. Look for bad spelling.
Phishing emails often have unnatural or incorrect grammar and misspellings. Keep an eye out for grammar and spelling mistakes.
4. Beware of links.
It pays to be wary of emails you’re not expecting. If you’re suspicious of an email, don’t click on any links or buttons in the email. Hover your mouse over the link and see if the address that appears matches the link typed in the message. If it doesn’t match, don’t click on the link, as it could take you to fraudulent websites or download malicious software.
5. Read your statements.
This can help you detect fraudulent transactions faster if your identity is stolen.
6. Increase your security.
Consider using a password manager solution to improve your security posture.
7. Use a different computer.
If you find fraudulent transactions on your account or suspect your info has been compromised, use a different computer to change your passwords. And, make sure you notify your financial institution right away.
8. Keep up with the news.
Stay up to date on news of phishing attacks to protect yourself. Anti-phishing organizations, such as Anti-Phishing Working Group, provide lists of new and current phishing scams.