COVID-19 Phishing Scams

The US Secret Service Recommends Increased Vigilance Regarding Email Communication Due to COVID-19 Phishing Attacks

The United States Secret Service has issued a warning about various Coronavirus-related phishing emails targeting the general public, and it recommends increased vigilance regarding email communication. Learn how you and your loved ones can better detect and avoid COVID-19 phishing emails.

Phishing Emails Seek to Gain Personal or Financial Information

Phishing is the fraudulent practice of sending emails impersonating reputable companies to entice individuals to hand over personal or financial information. According to one report, as many as four out of five phishing emails may be currently using the Coronavirus in an attempt to trick victims.

Experts say that there have been a significant number of Coronavirus-related credential phishing attempts, which is when scammers attempt to steal login credentials, such as usernames and passwords. Login credentials are valuable information for cybercriminals because they can be used to reset passwords for bank accounts and commit financial fraud.

COVID-19 Phishing Attacks Can Vary Widely

The United States Secret Service states that cybercriminals are exploiting the Coronavirus through the wide distribution of mass emails, some of which impersonate legitimate medical or health organizations.

Other COVID-19 phishing scams may:

Hint at the availability of a vaccine
Claim to be from a charitable organization raising funds
Urge people to download software on their device to assist in the efforts to find a cure
Impersonate an online retailer, such as Amazon, with the promise of a free product
Appear to be from a company’s HR department

Phishing attempts may even come in the form of malicious text messages, WhatsApp messages, or even Facebook Messenger communication that appears to be from a friend.

Beware of Email Scams Related to Federal Coronavirus Stimulus Checks

According to reports, scammers may be sending official-looking emails claiming that individuals need to provide PayPal, bank account, or other financial information before they can receive their federal stimulus payment. Experts say that any text, email, or phone call from someone claiming to be from the government and offering a stimulus check is likely a scam. According to the FTC, the government will not ask individuals to pay anything in advance in order to receive the funds, and it will not call to ask individuals for their Social Security number, bank account, or credit card number.

For official information on federal stimulus checks, visit the IRS’s web page Economic Impact Payments: What You Need to Know.

Ways to Better Protect Yourself from Phishing Emails

Don’t click on links or open attachments in unsolicited emails - The United States Secret Service advises individuals to avoid opening attachments or clicking on links within emails from unrecognized senders. These attachments could contain malicious content that can infect the device and steal information. Instead, it’s best to visit websites by typing in the domain name manually.
Verify the source - An email, text, or phone call that urgently requests personal or financial information is likely a scam. If needed, it’s recommended to contact the organization using known contact information. If a message from a contact you know seems odd, get in touch with them directly--using another contact method--to confirm that the message is legitimate.
Guard personal and financial information - Be wary of emails asking for account numbers, credit card numbers, wire transfers, or failed transactions. Consider why someone would need that information and whether the request is appropriate. For example, in most cases, there is no reason another individual would need your username or password.
Practice good password habits - It’s advised to create unique passwords (or passphrases) and use a different password for each account. The Identity Theft Resource Center (ITRC) provides advice on creating unique and memorable passwords.
Protect your computer - Experts advise keeping software up-to-date and setting software to update automatically. If it’s available, consider using multi-factor authentication. Consider installing an antivirus program on devices.
Have a backup plan - Experts recommend regularly backing up important information in the event that a virus or ransomware blocks access to files. Options may include backing up data on a USB drive, an external hard drive, or a cloud service.
Think before you click - According to experts, one of the best things consumers can do to protect themselves is to slow down. If something doesn’t seem right about an email, it’s best to delete it.

What To Do If You Think You Have Been a Victim of a Phishing Scam

If you believe you have been the victim of a phishing scam, the FBI recommends reporting it to the Internet Crime Complaint Center at ic3.gov and to the FBI at tips.fbi.gov.
If you believe you have seen a scam or suspicious claim, the FTC recommends reporting it to the FTC at ftc.gov/complaint.

Additional Resources

The FBI recommends that individuals get information from trusted sources, including the Centers for Disease Control for medical information, and the FTC or the IRS for financial information.
For more information on Coronavirus scams, visit the FTC’s web page Coronavirus Scams: What the FTC is Doing.