Remaining vigilant is the key to keeping safe.
Are you at risk from a COVID-19 scam?
The COVID-19 pandemic is certainly unlike anything we have seen before. Sadly, during these unusual times, cyber criminals and hackers are taking advantage where Canadians may be at an increased risk to fall victim to scams, malware, and ransomware. To thwart the attempts of these would-be cyber criminals, vigilance is required to safeguard your personal information and ensure you are not vulnerable to malware or ransomware. Don’t be the next victim of a COVID-19-related scam.
Safe Practices for Email
As general advice regarding COVID-19-related scams, you should start by exercising caution with emails. The medium is a popular choice for those looking to commit criminal/fraudulent activities. For best practices when handling emails, please remember to:
- Ensure you recognize the sender before opening an email and verify that the email address spelling is correct.
- If you intend to call a phone number sent to you in an email, ensure you recognize it or verify that it is authentic by looking it up on the organization’s website.
- Be cautious with clicking on embedded links. Verify that the website address is legitimate (official website with correct spelling). Although it is not convenient to do so, it is generally much safer to navigate to the linked page yourself.
- Scrutinize attachments and do not open any you are unsure of — particularly if you did not expect to receive it or they are from someone you do not know. If you are in doubt, and you know the sender, ask for confirmation that he/she intended to share the attached file.
- Treat a message as suspicious if there is a stated or implied urgency to it.
- Question any offer that looks too good to be true.
- Guard your personal information and do not share it unless you are sure the request is not fraudulent. It is highly recommended that you call to verify, if in doubt. This is particularly important for requests involving banking, credit cards, or money transfers.
In the past, there have been scammers sending emails claiming to be from well-known companies and institutions – most of which you undoubtedly know of or have relationships with. With COVID-19 in the news so much, scammers are hoping that recipients may be more inclined to click on suspect links. Their goal? To phish for money, personal information, or to install malware or ransomware on your device.
Aside from emails, and more specifically related to COVID-19, there are a number of known scams targeting those who are concerned about the spread of coronavirus using other mediums. Although some of these fraudulent tactics have already been exposed and may no longer be of concern, there are many more active threats that you may wish to be aware of.
Websites looking to infect your computer with malware or ransomware or phish for your personal information aren’t new. However, COVID-19 has given these cyber criminals a new way to focus the attention of potential victims with the high volume of internet searches regarding the coronavirus. These sites will often make claims such as a newfound cure or viable treatments for COVID-19 to lure visitor traffic.
Online Retail Sites
Many people are increasingly making purchases through online retail stores during the pandemic either for convenience or to increase their adherence to social distancing policies. As this relates to COVID-19, people looking for health protection and sanitation products to help prevent transmission of the virus should be wary of fakes. In addition, it should be noted that some sites exist just to phish for personal information and are using newfound interest in pandemic-related products to obtain it. During this time, it is even more important to only transact online with reputable companies. Even so, the fact that the website is well known does not mean that a merchant using it to transact is honest and reliable. Look at reviews and the merchant location before you decide to purchase. It is recommended that you do not buy any sanitization or pandemic protection products unless you have made reasonable efforts to ensure the merchant is reliable.
A phishing campaign carried out through phone text messages is called “smishing” — a take on "SMS" (Short Message Service) text messaging on phones. As this relates to COVID-19, the National Post recently reported that fraudsters claiming to be the Red Cross are sending text messages to individuals claiming to offer free face masks. When the victim follows through, they are asked to pay for a small delivery fee or donation. It is then that the victim’s credit card information is stolen1. Never click on a link sent through a text message, even if you know the sender – unless you know the sender intended to send the link.
Phishing/Scam Phone Calls and Recordings
There are several phone scams currently in circulation looking to steal your personal information, convince you to pay false bills, or sell you services that are misrepresented or you don’t need:
- Similar to the aforementioned text messages, there have also been phishing phone calls from individuals claiming to be from the Red Cross or other relief organizations offering free face masks.
- Fraudsters are impersonating personnel from health agencies offering fast access to COVID-19 test kits or claiming to have COVID-19 test results for you.
- As many Canadians have recently been laid-off work, some fraudsters are pretending to be from government departments following up on claims for Employment Insurance (EI).
- Cleaning, duct cleaning, and decontamination companies are claiming to have products or services that can protect you from coronavirus.
- Also related to layoffs and cashflow problems, imposters are stating your utility bills are overdue and your services will be shut-off unless immediate payment is made.
- If you don’t recognize a phone number, let the call go to your voicemail and wait to identify the caller. Do not call back – it could be a toll number. If there’s no voicemail left, you might also want to block the number. This is even more true if the phone number who called sounds familiar – generally because it actually has similar digits to your own phone number.
An Android app featured on a blog, and briefly available on the DomainTools website earlier in March 2020, promised the ability to display a real-time alert when a COVID-19 patient was nearby. In reality, the app was ransomware. After agreeing to provide the permissions required to complete the install, the app locked the phone installing the app and demanded $100 in Bitcoin to be paid to unlock it. There was also a stated threat to erase the contents the phone and leak the credentials for social media accounts2. Always download apps from the official store or if you are familiar with the source. Be aware that even the official store can have fraudulent apps, so read the reviews before you download an app and limit permissions to what is necessary for the app to perform correctly – for example, a cooking recipes app doesn’t need your location.
Regarding stocks and investing, the Canadian Securities Administrators (CSA) notes:
- Some companies are making claims about services and products they may have that can detect, prevent, or cure COVID-19 to boost the performance of their stocks.
- Some scammers are purchasing shell companies and subsequently circulating false information about them to artificially inflate the stock prices on an exchange. The scammer will typically sell his shares on the false news and the traded value of the stock will fall. This is otherwise known as a “pump and dump” scheme.3
It is important to note that although certain types of scams are perpetrated more commonly through certain channels, some others scams can be disseminated in multiple ways.
Readers are invited to check the Canadian Anti-Fraud Centre website for further advice and an updated listing of current scams.
This article and any recommendations, analysis, or advice provided by Marsh (collectively, the “Marsh Analysis”) are not intended to be taken as advice regarding any individual situation and should not be relied upon as such. This document contains proprietary, confidential information of Marsh and may not be shared with any third party, including other insurance producers, without Marsh’s prior written consent. Any statements concerning actuarial, tax, accounting, or legal matters are based solely on our experience as insurance brokers and risk consultants and are not to be relied upon as actuarial, accounting, tax, or legal advice, for which you should consult your own professional advisors. Any modelling, analytics, or projections are subject to inherent uncertainty, and the Marsh Analysis could be materially affected if any underlying assumptions, conditions, information, or factors are inaccurate or incomplete or should change. The information contained herein is based on sources we believe reliable, but we make no representation or warranty as to its accuracy. Except as may be set forth in an agreement between you and Marsh, Marsh shall have no obligation to update the Marsh Analysis and shall have no liability to you or any other party with regard to the Marsh Analysis or to any services provided by a third party to you or Marsh. Marsh makes no representation or warranty concerning the application of policy wordings or the financial condition or solvency of insurers or re-insurers. Marsh makes no assurances regarding the availability, cost, or terms of insurance coverage.