WASHINGTON—The U.S. Secret Service has issued an alert about the types of email scams associated with the coronavirus disease 2019 (COVID-19) pandemic.
Phishing is at the top of list, per the Secret Service’s Global Investigative Operations Center, where criminals are sending emails purporting to be from reputable companies to entice individuals to reveal personal information, such as passwords and credit card numbers. Cybercriminals are exploiting the coronavirus crisis through the wide distribution of mass emails posing as legitimate medical and or health organizations.
In one instance, the Secret Service found that victims have received an email purporting to be from a medical/health organization that included attachments supposedly containing pertinent information regarding the coronavirus. This led to either unsuspecting victims opening the attachment, causing malware to infect their system, or prompting the victim to enter their email login credentials to access the information, resulting in harvested login credentials.
As teleworking increases, the agency notes that the reliance on email for communication is adding another multiplier to these types of email fraud schemes. The Secret Service warns that more of these incidents are expected, and increased vigilance regarding email communication is highly encouraged.
Another emerging fraud scheme exploiting the COVID-19 is using social engineering tactics through legitimate social media websites. Criminals are exploiting the charitable spirit of individuals by seeking donations to fraudulent causes, so consumers should exercise increased caution when donating to charitable organizations.
A third fraud scheme surrounds non-delivery scams where criminal actors advertise as an in-demand medical supply company that sells supplies to prevent/protect against the coronavirus. The criminal enterprise will demand upfront payment or initial deposits then abscond with the funds and never complete delivery of the ordered products.
Here are some quick tips to avoid criminal scams that exploit the coronavirus crisis:
- To guard against phishing emails/social engineering, avoid opening attachments and clicking on links within emails from senders you do not recognize. These attachments can contain malicious content, such as ransomware, that can infect your device and steal your information. Be leery of emails or phone calls requesting account information or requesting you to verify your account. Legitimate businesses will never call you or email you directly for this information.
- Always independently verify that any requested information originates from a legitimate source.
- Visit websites by inputting the domain name yourself. Businesses use encryption, Secure Socket Layer (SSL). Certificate “errors” can be a warning sign that something is not right with the website.
NACS has compiled resources to help the convenience retail community navigate the COVID-19 crisis. For news updates and guidance, visit our coronavirus resources page.