Fraudsters have been working hard for your money. The Federal Trade Commission reported that Americans have lost $13.4 million to coronavirus-related fraud since the beginning of 2020, with the agency receiving 18,235 reports related to the Covid-19 pandemic. However, the true number of scams and hacks is not known, since not all consumers have reported fraud to the agency.
Cybercriminals are taking advantage of the fear that the pandemic has created, sending phishing emails as well as texting and even calling targets.
“Criminals are now aggressively exploiting our overall unreadiness for the COVID-19 crisis, profiteering from the unprecedented technical susceptibility of the victims. Working from home, operations disrupted by digital transformation and a shortage of security personnel have introduced a wide spectrum of cybersecurity challenges,” explained Ilia Kolochenko, CEO of security firm ImmuniWeb.
Bad Actors Are Trying to Cash in on COVID-19
Cyber thieves have been stepping up their game and sending out more malware and phishing emails. Google reported that in the past week, the company has seen 18 million daily malware and phishing emails related to COVID-19 scams. That is in addition to the 240 million daily spam messages it sees related to the coronavirus.
“The phishing attacks and scams ‘use both fear and financial incentives to create urgency to try to prompt users to respond,’ Google says. In other words, same email scam, different subject line.”
The FBI has also seen a jump in cybercrimes, receiving between 3,000 and 4,000 cybersecurity complaints each day. Prior to the pandemic, they received 1,000 complaints a day.
Text Messages, Robocall and Phishing Scams
Scammers are also texting and calling their targets. Many times, the calls and texts appear to be from an agency or a legitimate source.
What do these scams look like?
The FTC has collected over 200,000 complaints related to the coronavirus. Half of the consumers say they have lost money, averaging about $560 per reported scam.
- One text message tells the recipient they have come into contact with someone who has COVID-19 and if they click on the link provided, they can get more information. Clicking on the link will let fraudsters download malware onto their device.
- The FCC said there are robocall scams offering COVID-19-related financial relief options, including work-from-home opportunities, student loan repayment plans and debt consolidation offers.
- Emails impersonating organizations like the World Health Organization (WHO) are tricking users into downloading malware or soliciting the users for donations.
Stimulus Check Scams
Over 4,300 domains related to stimulus and relief packages, many of them malicious, have been registered since January. A huge spike was seen on March 16th, when the government started talking about a stimulus plan. Checks and deposits began issuing in April and fraudsters are attempting to cash in. Some tips on how to avoid falling victim to stimulus check scams include:
- Verify Your Check Amount
  - The IRS is calculating payouts on information it already has, from 2018 or 2019 tax returns. Beware of checks that arrive in an odd amount.
- Fishy Phone Calls
  - Be wary of any robocalls that demand overdue taxes in order to get payments or threaten to arrest and file charges if you don’t comply.
- Links to Your Money
  - You will never have to click on any links to collect your money.
“Right now, due to how vulnerable the population is, it’s really prime picking for fraudsters to come out in full force,” Donna Parent, the chief marketing officer at Sontiq, an identity theft protection company, said. The Federal Trade Commission “is reporting more than $13 million in fraud loss due to COVID-19—that’s only going to exponentially increase with stimulus payment scams.”
Tech Groups Want A Piece of The Action
Major tech groups have united to demand that Congress send funds to state and local governments to defend against cyberattacks as part of the next coronavirus stimulus bill. The technology groups represent Microsoft, Amazon Web Services, Adobe, Verizon, McAfee, Palo Alto Networks and many other leading cybersecurity organizations.
“The rise in malicious cyberattacks targeting State and local entities, combined with the chronic lack of workforce, patchwork legacy systems, under-sourced cybersecurity and IT services, and uneven federal assistance creates a greater risk of system failures that interrupts services on which State and local populations depend,” the groups wrote.
Baltimore, Atlanta, and New Orleans, along with small cities, have all been victims of cyberattacks, and the expectation is that things will get worse amid the COVID-19 pandemic. In order to prepare for potential cyber weaknesses at the state and local level, the groups have asked congressional leaders to increase funding for cybersecurity defense in the next coronavirus stimulus bill. Some of the tech groups also sent an additional letter to Capitol Hill last week asking that Congress increase funding for information technology (IT) and cybersecurity issues that have surfaced during the pandemic.
A Proactive Data Security Approach
In addition to maintaining best IT practices in this uncertain time, companies need to consider their overall data security strategy so that if their systems are compromised, hackers get nothing of value.
Bluefin is a staunch advocate of a payment and data security approach that includes PCI-validated P2PE, tokenization and EMV. We were the first North American provider of a PCI-validated P2PE solution to secure POS payments and today, Bluefin has over 130 global partners providing their PCI P2PE solution in 32 countries. In October of 2019, we introduced our ShieldConex® data security platform for the protection of financial information, PII, and PHI entered online. ShieldConex utilizes Bluefin’s proprietary SAFE™ (Shielded Access Form Element) tokenization and iFrame solutions to receive sensitive data directly from the consumer via the company’s website or via an API connection. ShieldConex is also one of the only data security solutions that can support both FPT and FPE.
With P2PE and ShieldConex, Bluefin provides a complete omni-channel suite for payment and data security, addressing important privacy regulations, including GDPR, CCPA and HIPAA, as well as ensuring PCI compliance, reducing scope and providing cost benefits.