Many times over the past few months, you’ve heard someone say, “This is a new situation we’ve never experienced before.” As the world adapts to social distancing, the cyber bad guys have altered their efforts as well to take advantage of the world-wide disorientation.
Over the past few years, email “phishing” has become the method of choice to steal your identity, account credentials and money. The scammers craft a message that looks like it comes from your bank, credit card company or employer. In the message, you’re usually directed to a website to enter your private information. This website probably has a name much like the real one—Suntrustva.net instead of Suntrust.com for example. When you enter your information, the scammer gathers it, and then uses it to commit fraud or send spam in your name. The website you go to may also download malware to your computer.
With COVID-19, the phishers now have other avenues for fraud. You may get messages saying you need to click to verify your stimulus payment, or to verify your medical status.
This year is also the decennial U.S. Census, which is being conducted mostly online. This gives scammers another avenue for crime. They can send messages telling you there is a problem with your previous submission. As it purports to come from the U.S. government, you may feel okay entering such highly sensitive information as your social security number, which is a gold mine for fraudsters.
These days, scammers are using text messaging as an avenue as well. As with phone calls and email, it is very easy to “spoof” the name of the sender. That incoming text from the U.S. Government advising you to click on a link to enter your name, address and social security number is NOT from Washington. More likely, it is from a hacker’s address overseas somewhere.
Not ALL incoming emails and text messages from utilities, local, state or federal authorities, banks or credit card companies are fake, though. Many of these bodies allow you to sign up for electronic communication in lieu of mail through the postal service. What’s important to remember though is you must initially sign up to receive such notifications. If you have never told your bank to text you with account alerts (overdraft notices, suspicious activity, etc.) and then you get such a text, just delete it. All the institutions with your private information need to have your okay to send you these. If you never opted in, don’t fall for the text titled, “We need to verify your account.”
When in doubt about a message, DO NOT reply to it at all, even if you don’t give the scammer the information they want. Instead, contact your bank, utility company or local officials by calling a number on a recent bill or that’s listed on the real website. If you reply to the scammer’s text, even if only to ask is this real, then they know your phone number or email address is valid. With this info, they can use “social engineering” (the 21st century euphemism for a con job) to try to get your sensitive information.
Just as social distancing can help you stay healthy physically, practicing paranoia around incoming communications can guard your financial health.