In addition to the enormous physical, psychological and social impact caused by COVID-19, the pandemic has also given rise to schemes by those looking to commit fraud by taking advantage of the current environment. Anxiety, uncertainty and the chaos that surrounds a global pandemic provides an almost ideal environment for criminal activity and fraud.
Research Shows Increased Fraud Activity
Scammers didn’t waste much time before seizing on the fear and uneasiness following the start of the pandemic. According to Arkose Labs, a company specializing in fraud defense, digital attack rates rose by 20% during the first quarter of 2020 and payment attacks increased by nearly 50% during that same time.
The goal of the fraudsters is almost always to gain access to personal or company information and then use that information for their personal financial gain. Frequently, the criminal will attempt to pass themselves off as someone you think you should trust as they attempt to trick you into providing valuable information, from bank account numbers and passwords to social security numbers and more.
Fraudsters are Phishing
Phishing, an attempt through email to entice you to take a certain action like clicking on a link, is on the rise during the pandemic and often the fraudster is using the pandemic as part of their lure. They’ll send an email containing a link related to the pandemic in hopes the unsuspecting recipient will click on the link. Clicking on the link, however, will most likely download malware on the recipient’s computer giving them access to passwords and other private personal or company information.
In one example, you receive an email telling you that you may have been exposed to someone who has tested positive for COVID-19. The email then requests you to click on a link to confirm you have received the alert notification. In reality, clicking the link does nothing more than provide the fraudster with the opening to gain access to your computer.
Many scams have also surfaced in response to the large increase in the number of people filing for unemployment benefits and the same goes for each round of stimulus payments from the federal government.
Risks at Work
The risks for a phishing cyberattack are just as real and frequent at work as they are on your personal computer. One of the popular methods being used is the scammer will pretend to be someone within your company asking you to confirm certain information.
For example, you receive an email that appears to be from human resources asking you to confirm information related to your benefits. The goal, however, is to gain your username and password so the criminal can log into your company’s VPN (virtual private network) or Office 365.
Cloud services such as Microsoft’s Dynamic 365 or Teams have become popular targets of fraudsters as well.
Recommendations to Reduce Fraud Risk
In an article related to the increase in fraud activity, Katie Kuehner-Herbert outlined 10 cybersecurity tips from the Independent Community Bankers of America (ICBA) to help reduce your risk for being a victim of fraud.
- Enable the strongest authentication tools offered by your bank. Popular authentication methods include security keys, single-use codes, and even biometrics.
- Use unique passphrases as passwords and differentiate them across multiple platforms. Length is better than complexity. A strong password is at least 12 characters long.
- Do a system check. Purge unused apps and outdated or sensitive information stored in old files and emails and ensure all software on internet-connected devices is current.
- Manage social media settings and minimize information sharing. Just a few data points can create a pathway for exploitation by cybercriminals.
- Use Wi-Fi judiciously. Limit the type of business conducted over open public Wi-Fi connections, including logging in to key accounts like banking.
- Monitor account activity regularly for irregular transactions, and report discrepancies to your financial institution immediately.
- Back up intellectual property and other digital information and store it safely so in the unfortunate event of ransomware or other cyberattack you have a way to retrieve the data.
- Read the fine print when purchasing items online. If prompted, DO NOT save credit and debit card information on the merchant’s website or app.
- Be mindful when shopping online and look for signs of illegitimate websites. Spelling or grammatical errors, missing contact information, and suspicious URLs or email addresses are all red flags.
- Look for special indicators such as web addresses with https:// that denote extra measures taken to help secure your information. URLs that end in .bank are assigned for exclusive use by financial institutions.