Scam alert: Covid-19 related fraud is proliferating

In early April, we noted that there has never been a crisis or emergency that criminals won’t try to exploit and we posted a roundup of fraud schemes: Be on your guard for coronavirus scammers, skimmers & phishers! It’s time to update that list. Criminals are only getting smarter and more sophisticated about capitalizing on our coronavirus fears and the way we’ve adjusted our lives. Here are reports on some of the newer scams that authorities are seeing, along with tips on how to avoid being victimized.

Here are some of the common scams that the Department of Justice warns about:

  • Antibody testing fraud scheme
  • Unsolicited healthcare fraud schemes
  • Cryptocurrency fraud schemes including blackmail attempts, work from home scams, paying for non-existent treatments or equipment, or investment scams.
  • Calls and e-mails from imposters claiming to be IRS and Treasury employees
  • Robocall scams selling PPE, face masks, or other medical devices
  • “Free” COVID-19 tests if you supply Medicare information
  • Fake charities seeking donations or your bank / credit card info.
  • Imposter calls promising CARES Act stimulus payments or demanding refunds for a supposed over payment
  • Fake websites and apps claiming to be associated with CARES Act programs.

FBI Says Increased Use of Mobile Banking Apps Could Lead to Exploitation
Studies of US financial data indicate a 50% surge in mobile banking since the beginning of 2020. Additionally, studies show that 36% of Americans plan to use mobile tools to conduct banking activities, and 20% plan to visit branch locations less often. The FBI warns the public to be aware of fake banking apps and to be cautious about downloading apps on mobile devices that might contain banking-related malware. The FBI recommends only obtaining smartphone apps from trusted sources like official app stores or directly from bank websites. They also advise using Two-Factor Authentication and using strong passwords and good security.

FBI Sees Rise in Online Shopping Scam
The FBI reports an increasing number of people are ordering goods online from fraudulent vendors and the goods are never relieved. Victims are being directed to fraudulent websites from ads on social media platforms and popular online search engines that offer lower than usual pricing on such items as gym equipment, small appliances, tools and furniture. Many of the websites used content and contact information copied from legitimate sites and posed as US companies. Here are some fraud indicators. Instead of .com, the fraudulent websites used the Internet site domain extensions of .club and .top. Most of the site URLs (addresses) were purchased in the last 6-months.

The FBI offers these tips to avoid being victimized

  • Do your homework on the retailer to ensure it is legitimate.
  • Check the Whois Public Internet Directory for the retailer’s domain registration information.
  • Conduct a business inquiry of the online retailer at the Better Business Bureau.
  • Check other websites regarding the company for reviews and complaints.
  • Check the contact details of the website on the “Contact Us” page, specifically the address, email, and phone number, to confirm whether the retailer is legitimate.
  • Be wary of online retailers offering goods at significantly discounted prices.
  • Be wary of online retailers who use a free email service instead of a company email address.
  • Don’t judge a company by their website; flashy websites can be set up and taken down quickly.

Monitoring and reporting fraud schemes

Check out the FBI Coronavirus website periodically for updated fraud scheme reports. If you think you are a victim of a scam or attempted fraud involving COVID-19, you can report it without leaving your home by calling the Department of Justice’s National Center for Disaster Fraud Hotline at 866-720-5721 or submit the NCDF Web Complaint Form.

Related post:

 

Reprinted from Renaissance Alliance – no usage without permission.

Be on your guard for coronavirus scammers, skimmers & phishers!

There’s never been a crisis that cyber criminals won’t try to exploit — rest assured, they are out in full force during the coronavirus crisis. Their goal is to capitalize on your fears and anxieties to steal your money and your credentials. They hope that you will be distracted and that your guard may be lowered. We offer a roundup of just a few of the scams that we’ve been hearing about, along with resources that offer security and protection tips.

Phone scams
The Federal Communications Commission alerts us that phone and text message scammers are out in full force to take advantage of the coronavirus crisis to prey on consumers and they discuss common ploys and talk about how to protect yourself in COVID-19 Consumer Warnings and Safety Tips.

Common scams include offering free home testing kits, promoting bogus cures, selling health insurance, and preying on virus-related fears. They also prey on financial fears offering bogus debt consolidation services and work from home schemes. They tout fake charities. Scammers often impersonate government agencies.

One particular issue to be aware of:

Many consumers will receive checks as part of the federal government response to the coronavirus. No one will call or text you to verify your personal information or bank account details in order to “release” the funds. The Treasury Department expects most people to receive their payments via direct-deposit information that the department has on file from prior tax filings.

The FCC offers the following tips to help you protect yourself from scams, including coronavirus scams:

  • Do not respond to calls or texts from unknown numbers, or any others that appear suspicious.
  • Never share your personal or financial information via email, text messages, or over the phone.
  • Be cautious if you’re being pressured to share any information or make a payment immediately.
  • Scammers often spoof phone numbers to trick you into answering or responding. Remember that government agencies will never call you to ask for personal information or money.
  • Do not click any links in a text message. If a friend sends you a text with a suspicious link that seems out of character, call them to make sure they weren’t hacked.
  • Always check on a charity (for example, by calling or looking at its actual website) before donating.

Coronavirus Phishing Scams
Consumer Reports  talks about phishing scams that pitch COVID-19 health information and fake cures. They say that:

Many of the emails, which often appear to be sent by WHO or the Centers for Disease Control and Prevention, pretend to offer new information about the virus.

Some hint at the availability of a vaccine, and others claim to be from charitable organizations looking to raise money for victims.

Although the ploys are “depressingly familiar” to those well-versed in phishing emails, they come at a time when people worldwide are particularly vulnerable, says Eric Howes, principal lab researcher for KnowBe4, a cybersecurity company focused on phishing prevention.

“When people are distracted, concerned, and extremely motivated to get information,” he says, “you can’t count on them to notice things they might have in calmer times.”

Their post shows how the phishing scams work and offers a list of tips from digital security experts on how to avoid getting scammed.

Consumer Reports also offers other coronavirus-related alerts:

Online shopping safety: protect against skimmers
Malwarebytes offers tips for safe online shopping post COVID-19. They talk about various problems online shoppers should be on alert for, from raised prices and price gouging to counterfeit goods. They remind shoppers to use only trusted sites and to visit those sites directly rather than through links found in emails or on web pages, which could be phishing attempts. They offer this pro tip: Bookmark favorite URLs to save on manually typing. By saving the URL rather than searching for a shop name, you are less likely to be fooled by impersonators.

They call out one threat many shoppers may be unaware of and most people wouldn’t spot – online shopping cart skimmers:

Ever since shelter-in-place orders have sent millions of shoppers online, the Malwarebytes threat intelligence team has noticed an uptick in the amount of digital credit card skimmers, also known as web skimmers. Web skimmers are placed on shopping cart pages and collect the payment data that customers enter when they purchase an item online.

Cybercriminals can hack the websites of legitimate brands to insert web skimmers, so avoiding resellers or little-known boutiques won’t protect shoppers from web skimmers. Instead, consider using an antivirus with web protection or browser extensions that block malicious content.

To help prevent such exploits, make sure you have good antivirus and anti-malware protection and keep it up to date.

Working from Home
The Better Business Bureau says that as more people work from homes, IT and security companies are noting an increase in hacking/phishing attempts. They offer 10 Tips to Stay Cyber Secure When Working Remotely. We also found this great advice. concrete advice from insurer HSB to be very helpful: Seven Ways in Seven Days to Boost Cybersecurity While Working Remotely. They talk about each step in more detail, but here’s a summary of steps they suggest/

Day 1: Unsubscribe to unsolicited email
Day 2: Get on the “Do Not Call” List
Day 3: Block unwanted callers
Day 4: Try a password manager
Day 5: Employ multi-factor authentication
Day 6: Confirm that operating systems have the latest update installed
Day 7: Confirm and update subscription(s) to anti-virus and anti-malware software

Reprinted from Renaissance Alliance – no usage without permission.

Crooks, cons & criminals: the 2019 Insurance Fraud Hall of Shame

Insurance fraud is one of America’s largest crimes — at least $80 billion is stolen each year. Why should you care? This is a crime that you pay for in the form of higher insurance rates, for one thing. And often, the fraud includes theft, scams, staged accidents, and even violence. According to the Insurance Information Institute (III), this is who commits insurance fraud:

  • organized criminals who steal large sums through fraudulent business activities,
  • professionals and technicians who inflate service costs or charge for services not rendered
  • ordinary people who want to cover their deductible or view filing a claim as an opportunity to make a little money.

Insurance fraud is a crime and police and insurance investigators fight back. It’s punishable by fines, jail and permanent criminal records. Unfortunately, sometimes the general public thinks of it as a petty or victimless crime. III says:

“Public attitudes have sometimes hampered insurers in their fight against fraud. Studies suggest that some portion of insurance fraud committed by consumers is driven by revenge or retaliation for a personal service exchange which they think is unfair. People may retaliate in order to “get a return” or “get their money’s worth.”

Understanding the scope of the crime and the ways that it affects all of the honest folks who pay for this crime can educate and help to change attitudes.

The Coalition Against Insurance Fraud works hard to educate the public about how insurance fraud is not a minor or a victimless crime.  Every year, they profile some of the worst crooks, cons and criminals from the prior year in the Insurance Fraud Hall of Shame. Here are some of the worst fraudsters in 2019:

  • A Tallahassee man pushed his friend out of a fishing boat and told authorities alligators must have gotten him. In reality, he had shot his friend in the face as he tried to climb back in the boat and then buried his body. It turned out he was in cahoots with the deceased man’s wife to collect $1.75 million in life insurance.
  • A NY chiropractor was at the heart of a “slip and fall” shakedown ring that bilked businesses and their insurers out of $32 million for bogus injuries.
  • A wealthy Miami executive ran dozens of corrupt skilled-nursing and assisted-living facilities that raided taxpayer-funded Medicare and Medicaid to the tune of $1.3 billion.
  • An heiress, socialite and political fundraiser made $20 million of false damage claims after fire in her family’s 5,600-foot mansion in the Philadelphia suburbs. To add insult to injury, she falsely blamed volunteer fire fighters who fought the fire of stealing $10 million in jewelry.
  • A Boston-area trolley driver was badly beaten up by a masked criminal on Halloween and collected workers compensation and long-term insurance to cover his injuries. Investigators later tracked down the mugger who turned out to be friend of the driver who had helped stage the “crime.”
  • There are more: A Pennsylvania man who died of burns when his home arson scam went wrong. A corrupt rehab network that forced desperate addicts to relapse in a $100-million plot to milk insurers in Pennsylvania. A staged workplace slip and fall that was caught on camera and then went viral. A $2.1-billion transnational crime ring that targeted seniors.Read more about detail about the stories of the 2019 inductees in the Insurance Fraud Hall of Shame.

 

Reprinted from Renaissance Alliance – no usage without permission.

Tax scam season: Be on high alert for these fraud schemes

From now through April 15, it’s the top tax scam season. Not that tax scams only happen in the first few months of the year, they can occur year-round. But criminals know that taxes are on your mind and they will try to take advantage of that.

Be alert for tax-related identity theft
With the frequency of large-scale data breaches, there’s a better than average chance that your personal information has been breached. Your data may even be in the hands of criminals, making you susceptible to identity theft. You may not be aware of this at all until you get a notice from the IRS about a tax filing that you never made. When you look into it, your realize that it is not just a mistake – you are the victim of a crime.

The IRS says that it’s not uncommon for identity theft victims to be unaware that they are compromised until they run into some type of tax problem or tax alert.

Here are warning signs that that the IRS says may indicate that you are a victim of tax-related identity theft:

  • You get a letter from the IRS inquiring about a suspicious tax return that you did not file.
  • You can’t e-file your tax return because of a duplicate Social Security number.
  • You get a tax transcript in the mail that you did not request.
  • You get an IRS notice that an online account has been created in your name.
  • You get an IRS notice that your existing online account has been accessed or disabled when you took no action.
  • You get an IRS notice that you owe additional tax or refund offset, or that you have had collection actions taken against you for a year you did not file a tax return.
  • IRS records indicate you received wages or other income from an employer you didn’t work for.

The IRS offers steps to take if you are a victim of tax-related identity theft, a data breach or employment related identity theft in their Taxpayer Guide to Identity Theft.

Phone impersonation and other common tax scams

Tax-related identity theft is only one type of season tax crime – be alert for these “usual suspects” that the IRS has identified as some of the most common scams:

Impersonation Telephone Scams – The IRS won’t call you to demand immediate payment via a debit card or gift card. They won’t send the police to your house to collect a debt or arrest you. See: How to know it’s really the IRS calling or knocking on your door

Impersonation email scams – the IRS does not send unsolicited emails.

Fake calls from Taxpayer Advocate Service numbers – spoofed calls from criminals  posing as IRS assistance services trying to extract personal information.

‘Ghost’ tax return preparer “Tax Transcript” email scam –  Don’t get caught by a phony tax prep scammer or promises to get your you refunds sooner.

A new version of a Social Security scam – A criminal poses as the IRS and threatens to cancel your SS number.

Check out our other fraud posts for more alerts on scams and tips to stay safe.. And here are more tax season tips from prior years:

Reprinted from Renaissance Alliance – no usage without permission.

Quick best practice tip for your 2020 financial and legal documents

It’s a new year – time to get in the habit of changing the year that you use when you write a quick check or date documents. But there’s another habit you should alter this year, according to police and other crime experts: write out the full year of 2020 in your handwritten dated documents, not just the abbreviated ’20. Failing to write the full year of 2020 might open you to costly fraud.

While it’s common to date documents in this format – 1/7/20 – the unique nature of this year’s date makes it too easy for a fraudster to change the year by simply adding more digits on the end. So your check or contract dated 1/7/20 could easily be altered to backdate it to 1/7/2019 or date it into the future as 1/7/2021.

Elizabeth Whitman of Whitman Legal Solutions talks about this in her article Will Abbreviating 2020 on Legal Documents Make You Vulnerable to Fraud?

She talks about why someone might do this, using an example of vintage violins with label changes that made the instruments older and consequently more valuable than they were. While labeling fraud on vintage musical instruments may not be something you have to worry about, she offers examples of why it might be worth your attention:

“Those who warn against abbreviating 2020 theorize that a scammer could backdate a document, such as a promissory note, to 2019. After that, the scammer could try to collect an extra year’s interest on the loan.

Commentators express similar concerns about postdating–that someone could change the date to try to cash a stale check. Or, they could try to force performance of an expired contract by make it appear that the contract was signed later than it was.”

Some say this fear might be overblown, that in prior years scammers might have altered dates on any two-digit year — but that just reinforces the importance of using a 4-digit year on written legal and financial documents – why take the risk? Whitman notes that while a consumer may be able to ultimately prove the fraud, that might entail an expenditure of time and money. Whitman says that although the risk of using an abbreviated date might be minimal, “it also doesn’t hurt to use the full year in a document signed in 2020–or in any other year.”

Her article also offers an handy list of document signature best practices, such as using a digital signature when possible, signing in blue ink, maintaining time-stamped paper copies and using dated cover letters – read more about these suggestions in her post.

Forged, altered or fake paperwork is a real thing – see our prior post on title washing scams that occur in used car purchases – a crime that costs $30 billion a year! Thieves and scammers are very creative in separating you from your money – a small step like using a 4-digit year in financial and legal documents that would make their job harder seems worth it.

Reprinted from Renaissance Alliance – no usage without permission.

Holiday fraud: How to avoid seasonal scammers

If it’s December, it’s prime holiday fraud season!

Because it’s the busiest season of the year, scammers work double time to try to maximize their take. And as many times as we’ve issued warnings, thieves are very creative about thinking up sneaky new ways to separate you from your money. The Better Business Bureau is on the case. Here are some of the top scams they see around the holidays.

Delivery scams and package thefts this holiday season – While just plain old theft of shipped packages from your doorstep or workplace is common, there are a few other things to watch out for. BBB says that phishing emails pose as official notices from delivery companies. These either contain a “tracking link” or a message that the shipper is having difficulty delivering a package to you with a number to call. Or they affix fake “missed delivery” tags on your door, asking you to call a phone number to reschedule your delivery – all are just ruses to get your personal information.

Social media ad scams – Last year, the BBB found that online purchase scams were the most common cons reported to Scam Tracker and the category with the most victims, many involving Facebook and Instagram ads. Watch out for products claiming to support charity, free trial offers, counterfeit merchandise and apps of unknown origin. Social media is also a hub for illegal gift exchange pyramid schemes. BBB says these pop up every year with new twists. When an offer seems too good to be true, it almost always is.

Is that Santa App safe? Better check it twice. BBB says that the Apple and Google app stores list tons of holiday-themed apps: children can video chat live with Santa himself, light the menorah, watch Santa feed live reindeer, track his sleigh on Christmas Eve, relay electronic Christmas wish-lists, or play Hanukkah games like dreidel. But many of these are invasive and may violate children’s privacy laws in the information they collect. For more, see our post on protecting your kids from ID theft.

Don’t get scammed out of a gift card this season – the BBB says “Before grabbing a gift card for a favorite store or restaurant, know that thieves are just as eager to use these gift cards before they’re presented to the intended recipient. Also, some retailers have terms and conditions as to how the gift card can be redeemed.” See our post about new consumer protections for prepaid debit cards.

Tips for avoiding job scams this holiday season – Many of us are looking for extra money over the holidays and a part-time seasonal job is a common way to earn that cash. But it’s also a time when scammers exploit that desire. BBB reminds you that legit employers will never ask for payment upfront for a job. They say to be wary of big money for small jobs and job offers that don’t require an interview.

8 Tips for dealing with holiday pop-up shops – BBB receives hundreds of complaints a year about temporary retail locations, reporting everything from poor quality merchandise to difficulty obtaining refunds after temporary stores have closed their doors. Pop-up shops can be fun but follow BBB’s tips in mind if you choose to buy from one of them.

See more holiday safety tips from the BBB and use their Scam Tracker to identify common scams near you.

Here are prior posts about more common holiday fraud schemes:

 

Reprinted from Renaissance Alliance – no usage without permission.

How to avoid rogue tow truck scams

Bad enough if you are in an auto accident – that’s stressful enough. You might be injured or at the very least, shaken up. Suddenly a tow truck appears on the scene saying they are from your insurance company. While that might seem like lucky timing, it should actually raise your suspicions. High pressure tactics from rogue tow truck operators can lead to exorbitant towing and storage fees or your car being taken to a body shop that is in league with the tower. The National Insurance Crime Bureau recently released a public service announcement to raise awareness about rogue tow truck operators and how to avoid becoming a victim.

NCIB offers these tips:

  • Never give permission to a tow truck operator who arrives unsolicited to take your vehicle.
  • If you or law enforcement did not call a tow truck to the scene, do not deal with that operator.
  • Do not provide tow truck operators with your insurance information.
  • Do not provide tow truck operators with personal lien holder information.
  • Determine that the tow truck signage is identical to what appears on any documentation the tow truck operator provides (they may say they “work with” your insurance company).
  • If the tow truck does not display signage identifying the name of the tow company, ask for company identification.
  • If a tow operator’s legitimacy is in doubt, call the police.
  • Do not give a tow truck operator permission to tow your vehicle until they:
    –Provide a printed price list, to include daily storage fees and miscellaneous charges that will apply if they tow your car (if the prices seem too high, ask the police or your insurance company to call a towing service for you).
    –Provide printed documentation indicating where the vehicle is being towed if it is not a location of your choosing.

The Coalition Against Insurance Fraud offers more information on tow truck cons and scams, as well as extensive tips to for what to expect and what your rights are.

Check out the full article but here are a few tips from their list:

Think ahead: Join an emergency road service club or organization such as AAA. Also know your auto insurer’s roadside assistance program, with the tollfree number printed on your insurance card. They’ll set you up with reputable towing firms and repair shops.

Photos. Take a photo of the scene, including the tow truck. Use your cell phone or a disposable camera stored in your glove compartment.

Complain. File complaints if you’re scammed. Contact your insurer, state insurance department, local Better Business Bureau and the police.

Know your rights. State laws protect you if your vehicle is towed while you were away, such as while shopping. Confirm and complain if you suspect violations of these rules in most states:

  • The property owner or manager of a business that had your vehicle towed must be at the scene and sign the towing authorization in most states;
  • The operator must leave a small sign at the scene. It should have the firm’s name, address, phone, reason for towing, and who requested the tow;
  • Towing firms must take a photo of your vehicle in the “illegal” spot and notify the local police department to ensure the car is not classified as stolen. Get the photos from the towing firm (though expect a fee); and
  • The towing operator must release your vehicle if you will not or cannot pay the requested towing free. This is true in most states, and then becomes a matter for civil courts.

Reprinted from Renaissance Alliance – no usage without permission.

Focus on Phishing: Take these quizzes to see if you are smarter than the criminals

October is National Cybersecurity Awareness Month, the time of year when cybersecurity experts from government, academia and industry remind us of the importance of safeguarding our digital information and reviewing our online safety practices.

One of the most common ways that crooks and criminals get your personal financial data is through phishing. Phishing is using email spoofing and other tricks to get you to give up personal info or click to a dangerous website that might expose you to a virus or a computer hijack. Never ever click on links or download things from a stranger!

But don’t just worry about bad emails from strangers – worry about bad emails from people and brands you trust. Many of the big brands we use everyday – Microsoft, Netflix, PayPal, Amazon, Apple – are regularly spoofed and we are tricked into clicking when we see messages like “your account is being disabled” or “thanks for your recent purchase” when you hadn’t made one. Or from a friend or family member, emails saying “this is a riot – click here” or a boss saying “We need your bank credentials for direct deposit.” If something seems off or strange or odd, it probably is. It’s better to be safe and not sorry so double check if you have doubt. Phishers are good at gaining our trust or exploiting our fears.

It’s vital to learn about how to avoid being caught by a phisher. We’ve assembled some quizzes to give you practice. But be warned, these are pretty difficult. If you take the time, however, even wrong answers will teach you something about what to look for and how to spot a fake.

Our top tips for avoiding phishing scams

  • Don’t click any links or download anything from a sender you don’t know or trust. It’s always worth double-checking. If it’s a web link from your bank, instead of clicking, go to your bank website directly by typing in the Web address in your browser. If it’s a phone call, hang up and call your bank.
  • Get in the habit of hovering over links to see who the email is really coming from and where a link is actually sending you. Learn how. On a mobile device? It’s a little trickier but you can and should still learn the source of a link from someone you don’t know. Here’s how: How to Check Embedded Links on Your Mobile Device
  • Phishing emails often have poor grammar or spelling mistakes. That’s a big clue that it’s a fake.
  • Be suspicious of any email or phone calls that demand you take action right away or that threaten you. The IRS and Medicare don’t call or email to threaten you or demand money. Urgency and threats are hallmarks of fraud.
  • Avoid filling out forms in email messages that ask for personal financial information. You should only communicate information such as credit card numbers or account information via a secure website or the telephone.
  • Always ensure that you’re using a secure website when submitting credit card or other sensitive information via your Web browser. Look for “https” in the URL. How Can I Tell If a Website Is Safe? Look For These 5 Signs
  • Consider installing a Web browser tool bar to help protect you from known fraudulent websites
  • Regularly log into your online accounts to ensure that all transactions are legitimate
  • Ensure that your browser is up to date and security patches applied
  • Always report “phishing” or “spoofed” e-mails to the following groups: forward the email to reportphishing@antiphishing.org; forward the email to the Federal Trade Commission at spam@uce.gov; when forwarding spoofed messages, always include the entire original email with its original header information intact
  • Take extra precaution when traveling. Don’t login to financial sites when on a free, public Wi-Fi..

 

Reprinted from Renaissance Alliance – no usage without permission.