author image

Yahoo News

Website · Media/News Company

Follow this author

Fraudulent face mask sites, fake charities: 2020 is 'the perfect storm' for online scams

07/08/2020 06:00AM | 274 views

by Kristine Solomon

 

A worldwide pandemic, mass unemployment and nationwide protests over racial injustice — there are many important issues occupying our collective attention. Sadly, this kind of large-scale distraction is fertile ground for hackers.

“We have the COVID disaster combined with the economic disaster combined with the protests,” said Adam Levin, cyber security expert and founder of CyberScout, to Yahoo Life. ”We are now in the middle of what can be considered a perfect storm for scammers.”

Levin says that the current climate of our nation has set the stage for an online scam trifecta: motive, means, and opportunity.

“The motive for scammers is, for the most part, financial gain,” he continues. “The means is phishing, spear phishing, vishing (phone-based phishing), or smishing (SMS- or text-based phishing),” among other things. And the opportunity? “Anything that in any way touches something impacted by COVID,” he says, from stimulus check messaging to health updates. The ways in which online activism will motivate scammers remains to be seen.

The Federal Trade Commission (FTC) has been urging consumers to beware of online fraud, and they confirm that victims of scams have lost more than $13 million—and counting—since the coronavirus outbreak. “Oftentimes the only reason you haven't experienced identity theft is simply because they have access to so many people and so much information, they just haven't gotten around to you yet,” Levin said.

The good news is you are not powerless—far from it. We asked Levin to help us understand some of the biggest scams to look out for at the moment.

1. Stimulus payment scams

An email from a recipient you don’t know encourages you to click on a link—which then grants hackers access to everything from your bank account to your social security number. It’s called phishing, and it’s an old trick that keeps getting reinvented. “Never underestimate the creativity, sophistication, or persistence of hackers,” warns Levin.

One of the newest phishing tactics preys upon people seeking updates on their stimulus checks, according to Levin and the FTC. But the IRS will never contact you by email (nor phone, text, or social media). “Anyone who does is a scammer phishing for your information,” the FTC’s site warns. A phishing email may ask you to confirm personal information or even “inform” you of suspicious activity or log-in attempts using your information on the IRS website. It’s all bogus, says the FTC.

If you do fall prey to a phishing scam, hackers can easily hijack your usernames and passwords. Get yourself a secure password manager like LastPass Premium (affiliated with Yahoo Life’s parent company, Verizon Media), which will not only help you create rock-solid, hacker-proof passwords, but also store them in a virtual “vault” and sync them across your devices. The service was recently touted by Digital Trends in their ranking of the top services for 2020.

In response to pandemic-related security concerns, LastPass Premium has extended its free-trial period from 30 days to 90, plus the site won’t even require your credit card information until you decide to subscribe. After that, it’s $1.99 a month. 

 

2. Fake charity scams

 

“During this disaster, there are legitimate organizations out there raising money to help victims of COVID and their families,” says Levin. The same can be said of charities collecting funds for civil rights and social justice.

But do your research before you enter your credit card information. “There are scammers out there that come out with fake charitable requests,” says Levin. “The avenues that these can come through are obviously email, and then we have ‘smishing,’ or SMS phishing.”

This means you’ll get a text message from a number claiming to represent a charity and asking you to donate online. The FTC notes that telltale signs of a charity scam include a sense of urgency, vague claims about how your money will be used, or even a message thanking you for a donation you never made. Check all charities against Charity Navigator to make sure they’re legit.

Trend Micro Mobile Security protects your iPhone or Android phone against malicious apps, smishing, ransomware, unsafe Wi-Fi networks and unwanted access to your device for $30 a year.

 

3. Fraudulent sites claiming to sell PPE

 

“You have to be really, really careful about any link that you click on,” says Levin, and he’s not just talking about phishing and smishing. The FTC warns that scammers are targeting consumers desperate for personal protective equipment (PPE), and they’re setting up fraudulent websites to lure them in—a practice called ‘pharming,’ according to Norton.

Levin says the scammers are banking on a new wave of shoppers who will start looking for face masks as travel starts to open up. Protestors are likely looking to restock, too. The idea with fake websites is that you place your order but never get your shipment, says the FTC—and in the process, you share your payment information with scammers.

 

Comprehensive security software like Norton Security Online (affiliated with Yahoo Life’s parent company, Verizon Media) monitors your web surfing, flagging suspect sites and helping to keep your connection safe from scammers. Manage all your devices from one main portal.

The 30-day free-trial period has been extended to 90 days for Norton Security Online, and the site won’t ask for your credit card information until you decide to sign up at just $4.99 a month going forward.

 

4. Income tax identity theft

 

This scam is tricky because you’re never baited. In fact, you don’t know someone’s used your identity to file a fraudulent tax return until you try to file your own, according to Lifelock. And with the tax deadline extended to July 15, 2020, there’s more of a chance than ever to fall for this one if you haven’t already filed this year.

Here’s how it goes down: Scammers file a false return with all your identifying information and a lot of fake deductions in hopes of collecting a big, fat refund. Apparently, it happens a lot: The IRS identified $135 million in fraudulent tax returns in the first two months of 2020 alone, according to Bambridge Accountants New York.

Of course, in order to attempt income tax identity theft, a scammer needs your social security number among other crucial personal information. “And keep in mind that if you have enough information to file a fake tax return, you have enough information to commit full-on identity theft against a victim,” says Levin.

Malwarebytes (affiliated with Yahoo Life’s parent company, Verizon Media) blocks viruses, malware, malicious websites, ransomware and hackers that other traditional antivirus software can’t stop — and you can use it on up to 3 computers at a time. Try it free for 30 days, and then pay $4.99 per month afterwards.

 

5. Fake job scams

 

Many Americans are losing their jobs due to COVID and are looking for new ways to create income, so they’re more vulnerable than ever to employment scams, which come in the form of everything from emails to banner ads.

“Oftentimes, [people] don't realize that if they respond to certain work-at-home type jobs, they could be opening themselves up to losing money or having their identity stolen,” says Levin.

Here are some tell-tale signs of a fake job offer, according to the FTC: It promises you a job right off the bat, guarantees that you will make money, and often says you can work at home. If a potential employer “makes you a money mule,” as Levin puts it, or asks you to use your own credit card to cover upfront costs, it is most likely a scam, says the FTC.

Plenty of job ads are real, of course, but a good ad blocker will filter out bogus pop-up ads, banner ads, video ads, and more, so you can focus your search on legitimate employment sources. AdBlock Plus is a leading pop-up blocker that you can add to Chrome and other browsers for free.

Post your Comment

Please login or sign up to comment