WASHINGTON - This year, 2020, is an El Dorado for criminals and pure hell for victims. The trappings may change but the trap is fairly consistent. Recent protests coupled with the myriad issues associated with COVID-19 have triggered a huge uptick in scams.
For criminals working the seams of 2020’s tumult, the motive is financial gain. The means may be phishing, spear phishing, vishing (phone-based phishing), or smishing (SMS- or text-based phishing) while the opportunity could be anything pandemic-related. Here are the top five scams of the year (so far):
1. Unemployment Scams
Shutdown-related joblessness has attracted scammers targeting your unemployment benefits whether or not you’re out of work.
After more than a decade of data breaches and compromises, there is a high likelihood that much of our sensitive personal information is available to criminals.
Criminals work in a number of ways. Under the guise of a government agency, health authority, or financial services organization, they may call, email, or text. The goal: Make you the unwitting accessory to a crime, tricking you into providing your own information to file a fraudulent claim.
Tip: Only authenticate yourself if you have initiated the communication.
2. Stimulus Fraud
Those among us with a “how” and “when” question about stimulus checks are easy prey for a scam.
Threadbare tactics like robocalls, phishing emails and fake texts work when we’re distracted or stressed out, and sadly there is no shortage of scammers pretending to offer stimulus help.
The first rule of thumb: If “help” comes with a fee, you should flee. And if you’re asked for your Social Security number, hang up.
3. Tax Deadline Extension Scams
Before the pandemic struck, the IRS reported over $135 million in fraudulent tax refund claims, up from 15 million during the same two-month period in 2019. Tax Day is now July 15, and scammers are making a mint on the extra time they have to loot the Treasury.
Keep in mind, the IRS will never initiate contact by phone, text, or email. They contact taxpayers the old fashioned way, via USPS. Bottom line: Never give out any information about yourself or your finances in an interaction that you did not initiate.
4. Charity Fraud
Charity-related phishing scams are on the rise, and getting more sophisticated.
The caller ID may appear legit, and the same goes for email. While the look, feel and sound of the organization may seem spot-on, the call to action could be fraudulent.
The only way to avoid scams: Go directly to the organization’s website or call them. Never click a link or open a random attachment without first asking yourself, “Could this be fraud?” Never trust. Always verify.Charitynavigator.org is a reputable free website that evaluates charities in the US run by a 501(c)(3). Charitywatch and the Better Business Bureau offer similar services.
5. Remote Working Requires a New Sort of Vigilance
Work from home is great commute-wise but it can be very distracting otherwise. On top of that, data security is an issue -- even if you live alone. Meanwhile, hackers are just looking for us to drop our guard long enough to slip us some malware.
Scammers know we’re concerned about our finances, our health and our families. The only solution: Slow down, and work with your IT department to secure all your devices and networks.
Additional Tips to Avoid Getting Scammed
Exercise extreme caution when sending sensitive information via email or text: Email and texting are convenient and universal, but they’re not particularly secure ways to send information. Tax forms, trade secrets, employee information, credit card numbers, bank or investment account information, or passwords all fall under this category.
Call to confirm requests for money or information: Whenever money or information is requested via email, take an extra minute to call whoever made the request directly to confirm it.
Take a breath: Phishing scams targeting businesses and individuals are often marked urgent and/or time-sensitive, and rely on the target responding too quickly to notice anything suspicious. Take your time before you click a link or open an attachment.
Enable two-factor authentication: Two-factor authentication prompts you to verify your identity by sending a code via text message or email. This adds an extra level of security to email and other sensitive accounts. It’s not perfect, but it can help prevent an account takeover.
Stay up to date: Security software and firewalls can’t block all malicious emails but they are regularly updated to recognize new threats and hacking campaigns. They work best when they’re kept up to date.
Make sure you’re running the most recent version of your security software, and update your operating system and applications while you’re at it.
Oh, and for good measure, back up your data frequently, preferably using an “air-gapped” encrypted hard drive.