July 09, 2020
Since the start of the global pandemic, we’ve seen a sharp uptick in new COVID-19-related phishing and fraud scams. Posing as a public health agency offering fake government benefit payments, fraudsters and scam artists are evolving their tactics and it’s important for businesses to take note. With more employees working remotely due to COVID-19, companies need to prioritize data security and ensure remote employees are following best practices. Doing so lowers the chance of a data breach that could put an entire organization at risk.
Here are three types of fraud that have recently gained popularity as well as tips to avoid falling victim.
With the pandemic forcing many organizations to turn to government aid, fraudsters have tried to take advantage by posing as government officials and third-party companies offering to help fill out applications and use that as an opportunity to glean financial information. This type of fraud often takes the form of unsolicited calls, emails and texts offering advice, relief or assistance. Without the proper training and security measures in place, remote workers could be especially vulnerable.
You don’t know who you’re communicating with if you didn’t initiate contact. Never respond or click on suspicious links or attachments and never give out personal or financial details in relation to the company if asked.
C-suites and small business owners should ensure there is a policy in place for employees receiving suspicious requests, even if it seems like it’s coming from a reputable source.
Business and IT email scams have only gotten more frequent since the start of the pandemic. Economic upheaval has led to an increase in unusual financial transactions for businesses, such as expedited orders and cancelled deals, which can make emergency requests from higher-ups more realistic. This problem is only amplified with employees working remotely unable to walk down the hall to inquire first-hand.
If you receive an emergency financial request from a higher-up, be sure to follow up in a separate thread using the email address or phone number you normally correspond with.
C-suites and small business owners should ensure staff are aware of these scams and provide them with a trusted in-house contact where they can verify requests.
One of the largest reported scams since the pandemic started has been phishing emails claiming to be from various public health offices, such as the Centers for Disease Control and Prevention (CDC) or the World Health Organization (WHO). These scams involve telling victims they’ve been exposed to someone who has tested positive for COVID-19 and asking them for personal information, such as Social Security numbers, tax IDs, and, in some cases, personal information about their colleagues. Another variation includes asking victims to fill out an attached Excel sheet, which downloads malicious files and software when enabled.
Do not download anything or click on links in an unsolicited email. For business leaders, remind your staff not to respond to messages like this and to report any to management.