Common COVID-19 and IT Cyber Scams: How to protect yourself

Protect yourself from cybercriminals and hackers by educating yourself on some common scams designed to trick you into giving out your personal information or get to your money.  We’ve highlighted the details of common COVID-19 scams and IT scams so you can arm yourself with the tools to stay cyber safe.

COVID-19 Scams

Many scammers are leveraging the latest information and fears around the short supply of COVID-19 vaccines to trick people into signing up for “supposed" vaccine appointments. Scammers are using telemarketing calls, text messages, emails, social media platforms, and door-to-door visits to perpetrate these and other COVID-19-related scams. For example, fraudsters are offering COVID-19 tests, HHS grants, and Medicare prescription cards in exchange for personal details, including Medicare information.

If you click on a link, download an attachment or provide information over the phone, cybercriminals could be stealing your credentials and personal information for financial gain.

Key Takeaways – How can you protect yourself?

• You will not be asked for money to enhance your ranking for vaccine eligibility. Government and State officials will not call you to obtain personal information in order to receive the vaccine, and you will not be solicited door-to-door to receive the vaccine.
• Be suspicious of any unexpected calls or visitors offering COVID-19 tests or supplies. If you receive a suspicious call, hang up immediately.
• Do not respond to, or open hyperlinks in text messages or emails about COVID-19 from unknown individuals.
• Ignore offers or advertisements for COVID-19 testing or treatments on social media sites. If you make an appointment for a COVID-19 test online, make sure the location is an official testing site.
• Do not give your personal or financial information to anyone claiming to offer HHS grants related to COVID-19.
• Be aware of scammers pretending to be COVID-19 contact tracers. Legitimate contact tracers will never ask for your Medicare number or financial information, or attempt to set up a COVID-19 test for you and collect payment information for the test.
• If you suspect COVID-19 health care fraud, report it immediately online or call 800-HHS-TIPS (800-447-8477).
• For further information, https://oig.hhs.gov/coronavirus/fraud-alert-covid19.asp or https://usa.gov/stop-scams-frauds.

One more important reminder as it relates to COVID-19.  Avoid posting your vaccination record card on social media as it can be a rich source of intel (birthdays, names, vaccination sites) for fraudsters, hackers and other cybercriminals.  This personal information can be used to craft convincing, individually-tailored phishing campaigns. For instance, scammers can use it to send messages masquerading as follow-ups from the clinic where an individual received the vaccine, asking for a fraudulent “click here” to schedule an appointment that could instead lead to downloading malware or other malicious result.

IT Scams

There has been a big spike in IT scams recently, and the elderly are particularly vulnerable. Fraudsters may attempt to initiate contact with you through an email, a phone call, or computer pop-ups claiming to be with a legitimate company (for example, Amazon, Microsoft, and anti-virus software companies). They inform the target victim that their computer is infected, that they have fraudulent charges, or they are entitled to some type of refund. The fraudster will then request remote access into your device, instructing you to login into your banking website, and proceed to conduct fraudulent activity such as a money transfer.

Key Takeaways – How can you protect yourself?

• Unless you can verify the caller is from a reputable service provider (e.g., Microsoft, Apple), do not allow anyone access to your computer. They will not call you unless you have called them about an issue first.
• Do not use the phone number in a pop-up. Use the official phone number listed for the vendor you are trying to contact.
• Never give anyone your passwords over the phone or in an email – reputable companies will not ask for them.
• Install a reputable anti-virus solution and ensure it has the latest updates.
• Check your accounts for suspicious activity (e.g., money transfers between your own accounts).