Census, Politics, Pandemic, Economy: The unique circumstances in which scammers are preying on us all
This moment that we are living through right now is unprecedented; a confluence of events and circumstances that we (hopefully) are not likely to see again in our lifetimes. Scammers recognize this too and are pouncing on the unique opportunities to swindle people and businesses out of precious funds.
The Pandemic: According to the FTC people in the Unites States have lost more than $40 million due to COVID-19 related scams. These scams run the gamut of virus-related panic issues ranging from scams targeting travel refunds and cancellations to phishing scams ostensibly about contact-tracing apps.
In most cases around contact tracing, scammers are sending out massive spam texts, telling recipients that they have come in contact with someone who tested positive for COVID-19 and directing you to click on a link or call a fake hotline. Scammers are looking for two possible outcomes here:
- If you click on a link, it could download malware to your device
- Your personal information
There unfortunately isn’t a standard for what such a contact-tracing outreach looks like. However, be assured that official contact tracers will never ask you for your Social Security Number, personal financial information, or demand you engage in any sort of financial transaction. Instead of clicking on a link that comes to you in a text, try searching for the agency or organization that purportedly sent the text to see if you can find the information that way.
Scammers are also using social media to reach their targets – not surprising considering that as our real world engagements have contracted due to the pandemic, our virtual worlds have expanded. As reported by Fox News, Facebook users have received messages offering $1000 COVID relief grants, for a minimal processing fee of course. Such scams can also offer links that will send you to malicious websites with code that will infect your computer and/or steal your information. The key to understanding and avoiding such scams? If you see offers of COVID relief and this is something that you need, visit the website of the agency dispensing funds. DO NOT click on any links provided in a social media message or unauthorized profile.
The Election: The 2020 Presidential election is also an entry point for scammers and fraudsters this season and as we near the election the frequency of such scams will only increase. One key election related scam to watch out for is scam PACs, or Political Action Committees. Criminals set up front organizations purportedly in support of specific candidates or causes, just like real PACs, but their only goal is to raise money for themselves. These fake organizations aggressively solicit donations across all channels including mail, phone, social media. Make sure to carefully check out any PACs or candidates before making a donation.
Fraudsters are also taking advantage of polling as a ploy to solicit money and information. While there are many legitimate polls out there in these last few weeks before the election there are some key red flags to be aware of if you’re answering such calls. First, legitimate polling companies won’t use prizes for participation so if you’re offered a gift card or the like as long as you pay for shipping and handling, hang up. Also, polls have no need for any personal information like your SSN or financial information, so such requests are a scam and make sure that you do not give out any such information.
The Census: The Census that occurs every ten years is yet another opportunity for scammers to harvest your personal information. So while responding to the Census questionnaire is incredibly important, be aware of how you submit your information and what information you give.
Keep in mind that census takers – whether they are reaching out by phone, direct mail, or in person – will never ask you for sensitive information like your Social Security Number. Also take note that census officials will never reach out to you by email.
While they may ask you personal information, if you get a request for details like bank accounts or passwords you should disengage immediately (hang up, close the door) because you can be sure it is a scam. A good rule of thumb is to keep in mind that the census is seeking to better understand the U.S. population so all questions should be related to that topic and a few key pieces of information including:
- The number of people in your home
- Key identifying information of people in your household
- Your address and phone number
- Whether you rent or own your home
If you have more questions about what the census ask, you can view a sample form (and fill out the real thing) on the Bureau’s website.
Some scams are using threats to solicit information or money. You can be assured that there are no fines or penalties if you don’t fill out the census (other than the loss of government resources for your community). If you receive such a threat, you can be sure it’s a scam.
Even the mail is carrying multiple scams related to the census. Make sure you don’t visit any websites other than the official census site (2020census.gov), do not scan any QR codes, and don’t respond by mail to any surveys that do not have an official 12-character census ID.
Scams specifically targeting SMBs
While there are lots of scams to watch out for as individuals, and indeed some individually targeted scams can impact the organization you work for, criminals also are becoming more adept at targeting businesses and organizations. There are a few specific types of scams to which small and medium organizations are particularly vulnerable.
BEC: Business Email Compromise campaigns, also known as “spear-phishing,” is nothing new. In fact, we have seen reports of these type of social engineering-based attacks for years. However, over the past year we’ve seen an uptick in this method of phishing, with new groups getting into the fray. For example, WIRED magazine reported this summer that a Russian hacker group launched a sophisticated business email compromise campaign. The group, labeled Cosmic Lynx, infiltrates companies in the midst of mergers or acquisitions processes, playing on the confusion inherent in such situations.
BEC requires less technical investment and expertise upfront than the traditional malware approaches but is also time-intensive and does require a unique skill set. It is also incredibly lucrative; according to the FBI, BEC accounted for half of the financial losses to cybercrime in 2019. As the firewalls and protections against conventional malware attacks improve, we’re likely to see the prevalence of spear-phishing attacks continue to increase.
Note that this mode of scam is not limited to email. This year, we have seen the rise of phone spear-phishing, or “vishing” as well. And in fact this technique was responsible for the major twitter attack that took place in July.
Deceptive marketing practices: While this method of fraud is not specific to this moment, it is still a scam to be on the look-out for. At a time when many businesses, especially small businesses, may be both understaffed and financially strapped, we may more susceptible to this type of scam in which companies send out solicitations made to look like invoices. These fake invoices often come from companies claiming to have delivered goods or services like office supplies or website hosting, but such services were never provided by said company. Even more alarming is when such a fake invoice warns that you are delinquent on local government fees or taxes. Make sure you have a procedure in place to examine invoices before paying them and this will help you avoid such scams.
Freelance Workers: At a time when the small business workforce is spread across cities and regions and maybe smaller than it was a year ago, the demand for freelancers is on the rise. Unfortunately, scammers lurk here as well. Sites like Upwork and Freelancer.com both offer a great opportunity for small businesses to connect with the labor and expertise they need for a given project or time frame, but they also offer an opportunity for criminals to take advantage.
Often offering amazing rates and perfectly matched resumes, freelance imposters will often accept and upfront deposit and then disappear without delivering any or all of the project. They can even impersonate legitimate contractors, trading on an already established reputation to coerce payment. Make sure to fully research anyone you are looking to contract and then do a video interview before hiring.
Steps and Tools to Avoid Scams
If you are a business owner, there are several things you can do to help keep your organization and employees safe from the scammers out there.
- First and foremost, help keep your staff informed by communicating about current scams and setting up protocols that equip your employees with the tools to recognize scams. There are many tools out there to stay up to date on the latest hustles. For example, the FTC offers Scam Alerts by email as well as a comprehensive catalog of current scams by topic or issue area. They even have state-specific data so you can see what types of fraud and cons are most prevalent near you.
- The Better Business Bureau also offers a scam tracker that can be a great resource for either staying ahead of current scams or researching if anything feels a bit off in your daily operations.
- Always double check your vendors, including freelancers and contractors. Research them before beginning the relationship and then make sure that relevant employees are aware of who your current vendors are. In this way, if an unfamiliar invoice comes to your business’s inbox, it will be more likely to raise a red flag.
- Avoid using certain methods of payment. Forms like pre-paid debit cards, gift cards, and wire transfers all are the preferred modes for scammers and provide little value-added for most regular business operations.
- Protect your devices. As more and more work happens from laptops, phones and tablets, make sure that all devices on which your employees do work for your organization are well protected and that you have a comprehensive and implementable BYOD policy in place. This also should include periphery devices like printers and VoIP phones. While this may require an upfront expense, chances are it will save you both money and heartache in the long run.
As an individual, there are also several key steps that you can take to safeguard against scams.
- Be aware that social media is rife with criminal scammers, and yet many people tend to be less cautious when engaging with social media, especially on their phones. In a recent report from the Better Business Bureau, of those who were exposed to a scam on social media, 91% engaged with the scam and 53% lost money.
- Google’s ScamSpotter website even quizzes you to see if you recognize potential scams. It can be a cool tool to help better understand what methods scammers are using.
- Never pay up front for a promise. Guarantees of debt relief, a job, mortgage assistance, or even a prize should never be preceded by a requirement for payment. Even in difficult times, if such a promise comes your way, it is likely a scam and you should walk away.
- Keep personal information personal. Treat your personal information like currency, because it is. Information like your Social Security Number, bank accounts, your birthday should never share unless you trust the entity with which you are sharing and understand completely how and why the information will be used.
Other Key Scams to Watch Out For
- USPS “waiting package” phishing scam, especially via text message
- Individual and businesses have also reported “Tech Support Scams”
- Scams are also infiltrating the PPE market so as you prepare your business for the next phase of reopening, be on the lookout for this type of scam
- “Customer Service” imposter scams