On the one hand, millions of people are filing new claims for unemployment benefits and awaiting stimulus checks. So when a phone call or email comes in from someone pretending to be a bank or government official, it's harder to ignore it.
Furthermore, with so many people having to work from home, our personal technology devices have become an attractive target for those looking to infiltrate companies.
While there is little data on the extent of such grim activities, security experts said they had seen a spike in scams invading our inboxes, phones, and websites. Last month, the Federal Trade Commission issued a warning, advising people not to respond to digital communications from those who claim to have information on government checks, among other schemes.
"It is a Pandora opportunity box that you can take advantage of," said Sam Espinosa, executive at Next Caller, which develops technology to detect fraudulent calls. "The first time you're dealing with unemployment may not be the time you think, 'This is a scammer.'"
In a Next Caller poll last week, 37 percent of respondents said they believed they had been the target of fraud and coronavirus-related scams, compared to 32 percent last month. Additionally, 44 percent said they felt more vulnerable to fraud now that their businesses allowed them to work from home.
I spoke to security experts about some of the top scams and the ways we can protect ourselves. Here's a guide to what not to fall in love with.
Some of the fraudulent sites look like clones of legitimate government sites that contain information about Covid-19, but also display malicious advertisements asking for your personal information. Other fake websites are stores that claim to sell face masks and cleansers, but they exist only to collect your credit card information. Scammers can then unintentionally use the information you provided to gain access to your finances.
"The number of sites and stores popping up everywhere has increased," said Ron Culler, senior director of technology and solutions for security firm ADT Cybersecurity. Shortly after The government began issuing stimulus controls, he said, the scammers registered 15,000 fake websites posing as the I.R.S. to steal people's personal and financial information.
Here are some steps to protect yourself from fraudulent websites:
-
Check the website URL. A fake site may look identical to a government or bank website, but the domain name in the address bar is a gift of a fake. Click on your address bar and look for domains ending with "com.co,quot;, ".ma,quot; or ".co,quot; instead of more legitimate domains like ".com,quot; or ".org,quot;.
-
Install an ad blocker. To prevent your browser from loading a suspicious ad looking for your personal information, you can download an ad blocking extension for your browser. For computer browsers, I recommend uBlock Origin, and on iPhones I recommend 1Blocker X.
Scam calls
Robocallers have a reputation for sounding dumb, but in reality, they work hard for their money and are resourceful.
They do their homework and adapt to their responses. Most of the time, they "fake,quot; phone numbers, manipulating phone networks to call your phone from numbers that they are not really calling from, including the digits that belong to your bank or government agency.
In extreme cases, two scammers work together, one is on the phone with your bank while the other is on the phone with you, asking for personal information so they can immediately trick the bank's customer service agent into granting access to your account.
"What they are looking for is any crack in the system," Espinosa said. High-risk calls to financial institutions are 50 percent more than before the pandemic, according to his company, which tracks the number of potentially fraudulent calls made to companies. A bank is receiving 6,000 more high-risk calls per hour, he said.
So here is what you should do:
-
Hang up the phone and call again. Robocallers have been a nuisance for years, but now more than ever, we must be wary of any call from a company or organization. If, for example, your bank calls with a fraud alert, hang up and call the customer service number on the back of your credit card and ask your bank if it really tried to call you.
-
Delete businesses from your address book. An entry saved in your address book could give you false confidence that a call is legitimate. Suppose you have the Citibank support number stored in your address book and labeled it as "Citibank,quot;. If a scammer falsified Citibank's support number and called you, your smartphone will show that you are receiving a call from Citibank. It is better to remove these entries from the phone book so that the scammers do not take us by surprise.
Email and text messages
Phishing, in which a scammer impersonates someone to request your personal information, is one of the oldest scams on the Internet. But it still happens because it works.
Scammers have adapted to the ever-changing news cycle of the pandemic. In emails and texts, they have worn various costumes, claiming to be the World Health Organization, the Centers for Disease Control and Prevention, the Internal Revenue Service and more, according to ADT.
Their emails and texts purport to have information about the virus or how people can obtain financial assistance. But their messages often contain links to websites that request personal information, or download files that contain malware.
Here is what to consider:
-
Verify the sender. Just like fake websites, fraudulent email addresses will look legitimate, but will often be turned off by one or two characters. Similarly, scam texts tend to come from phone numbers with more than 10 digits.
-
Check, but do not click, hyperlinks. In most email programs, you can use your mouse cursor to hover over a link and see a preview of the page that will open. If the link seems suspicious, mark the email as spam and delete it.
In a text, generally avoid clicking links from unknown senders and don't reply.
Your home (now your office)
The only thing about the pandemic is that millions of office workers work from home. That means that attacks on our companies are increasingly targeting us at home. Hackers trying to steal information from a company could try to attack our personal email accounts or home networks, Culler said.
It is up to us to follow some of the best practices to protect the security of our employers' data, in addition to ours, he said.
Those steps include:
-
Check the security of your network. Like computer operating systems, Wi-Fi routers need security updates. Please refer to your router's instruction manual to log into setup and confirm if you are running the latest version of your firmware or software system. If your router is over seven years old, you probably no longer receive security updates, so your best bet is to buy a new router. I recommend Modern Wi-Fi systems, such as Amazon's Eero or Google Wifi, which automatically download security updates.
Obvious but also important: Make sure your router has a strong password.
-
Keep work and business technology separate. To work from home, employees may be tempted to start using their own tools, such as their computers, personal email addresses, and messaging applications. However, your equipment and applications were probably not configured to protect the security of your company's network.
It is better to work on computers, Internet accounts and software provided by the company. If you are missing a technological tool you need to work, ask your I.T. Department.
All of the above precautions may sound complicated, but if in doubt, go back to something you learned in childhood and add a twist – never talk to strangers, especially when they ask for your personal information.