Like any crisis, the Covid-19 pandemic is full of opportunists. Some are legitimate and are simply serving a market necessity, but others are taking advantage of the fear and confusion to up their scam game in order to steal our money.
We’ve all seen the e-mails. They look legitimate, almost perfect, but there’s usually something missing. Maybe it’s your name, or there’s lots of typos, or the logo is wrong, but it’s not quite Paypal or Apple or Amazon or Citibank. Still, many are so accurate that they can easily fool us into thinking they’re the real thing.
This is the problem with phishing scams, and during this Covid-19 pandemic, as companies scramble to react and communicate their plans to clients, providing special websites, and other tools to assist in managing the situation, we’re bombarded with e-mails that are not the usual company fare. That’s where the scammers are at their best, taking advantage of our confusion to aid us in misleading us towards their scam.
Got an e-mail from “PayPal” or “Amazon”? Don’t click on the links. Go directly to your browser and type in the URL. There’s a “Security Issue”? Contact your bank directly or again, go to your browser and type the bank address yourself.
Clicking on these links often take you to a website that looks real, except maybe a slight typo in the address or they’re using a subdomain to sow confusion. Don’t do it. Don’t click. Don’t open that attachment.
It sounds like some government plan to modify our behavior, and the Covid-19 pandemic can lead us down some dark, conspiracy holes. But no, social engineering in the context we’re talking about is a clever way to fool you into divulging personal or confidential information. It’s a con tactic.
Often used by phone, the scammer will use social engineering to get more information out of you than you would normally have given. During this crisis, this type of technique has grown in use along with simple impersonation to steal people’s personal information, identity, credit cards, bank info, etc.
Never give any of your personal information over the phone. Make sure you know the number calling you, and if it’s an offer, call the company yourself using their public number, not the one the caller gives you.
Often, it’s easy to trust a scam. They seem to know your information, the same as a legitimate company would. They might ask for you directly, reference something personal, maybe a password even. Don’t fall for it.
Hackers have been growing in their information gathering activities, breaking into companies that hold all our information, like credit score companies such as Equifax, or data brokers. They either use that data to scam us directly and maybe even tempt us into a ransomware game, where we pay them in bitcoin to avoid losing all our data or avoid embarrassment, or they may sell our information to others who will use it to scam us into giving them money.
In the latter situation, the scammer will offer to confirm your information in order to ensure the data they have on you is valid, marking it as something to be used for social engineering with a bank or other company, identity theft, etc. If they have your info, they don’t need to confirm it, so don’t.
Always, call the company or bank directly using their publicly available number or website. Don’t fall for these scams during the Covid-19 pandemic or beyond. Stay safe!
