Veriff’s Tips on How to Survive COVID-19 Scams

Veriff’s information security team aims to highlight these tactics and offer cyber hygiene practices on how to avoid becoming the next victim of COVID-19-related scams. Here’s what you need to watch for. 

Find the Phish

Phishing scams are dangerous because, especially times like this, you are made to believe that the message is sent from someone you trust. Normally these messages ask you to send your login details or payment for a service. Noteworthy examples of this are the World Health Organization (WHO) and the Centers for Disease Control and Prevention (CDC) whose identities have been misused in phishing campaigns. WHO has issued a warning for users to be aware of such fraudulent activity on their webpage, titled “Beware of criminals pretending to be WHO.” 

There are a handful of cyber hygiene practices that can help you avoid phishing scams, such as:

• Verify the sender - check the email address to see if it’s a trusted source. There’s no harm in double checking with the source directly to see if you should have received an email from them.
• Avoid clicking links or attachments - links or attachments in unsolicited emails should not be trusted. They could direct you to malicious webpages and/or cause you to download malware.
• Reconsider providing your personal information - customarily companies and other organizations never ask for your personal details (username, password, banking information, etc.) in an email. You should not feel compelled to disclose your personal details in this manner.

Sham Shops

Other popular scams taking advantage of the pandemic are related to financial fraud. Criminals are defrauding victims online by posting fake marketplaces, sites and social media accounts claiming to sell a range of medical supplies. The United States Department of Justice has a list of scams, including but not limited to, the selling of fake cures and vaccines, asking payment for patient treatment as well as the aforementioned selling of medical supplies. Before you make any COVID-19 related purchases, be sure to:

• Verify the legitimacy of the seller’s website - scammers will most likely use web addresses that impersonate legitimate marketplaces. The web address and customer reviews can be red flags for illegitimate webshops.
• Ignore offers for vaccines or other treatment options - as of now there is no definitive cure for this disease, nor is there a vaccine. If an effective treatment is found, trusted sources (WHO, CDC and your local Pharmaceutical Regulatory Agency) will post further information.
• Be wary of monetary transactions via abnormal methods - payments requested via wire transfer, gift card or cryptocurrency should be considered suspicious. 

Defeating Disinformation

Although not necessarily linked to criminal activity, the spread of misinformation is fueling public anxiety and uncertainty of what lies ahead. This so-called ‘infodemic’ surrounding COVID-19 has been an obstacle for tech giants as of late. Facebook, Twitter, Google, YouTube Microsoft, LinkedIn and Reddit have come together to combat misinformation by elevating authoritative content and coordinating with government healthcare agencies to share updates. You can do your part in limiting the spread of such information by doing the following:

• Fact check your findings - the best way to stay informed is to arm yourself with cold hard facts. Make it a habit to research claims asserted online to determine their credibility.
• Only share updates sent by trusted health sources - you can help stop the spread of misinformation by sharing information directly from trusted sources, such as WHO, CDC or other healthcare professionals. Circulating non-factual posts can be dangerous, and in some cases, life threatening. 

Suggested Solutions

If you believe that you have fallen victim to either of these COVID-19 scams, don’t fret. You can still remedy the situation by taking these reactionary measures:

• Report the scam - the first step in reacting to a scam should be reporting it to the relevant authority. Reach out to the business or organization whose identity is being used in the scam and alert them of the fraudulent activity.
• Change your credentials - in case you happen to send a username, password or other credentials to a scammer, make sure to quickly change them. Changing credentials prevents a criminal from accessing your personal accounts.
• Scan your computer with antivirus software - having your antivirus scan your machine helps you remove malware that you may have inadvertently downloaded. Please also make sure your antivirus is up-to-date.
• Contact your bank/credit card company about fraudulent charges - you can dispute fraudulent charges found on your account or credit card. Doing so will mitigate the damage done.
• Remove social media posts - taking down misinformative posts from your account limits the number of others who will later see and potentially share it.

Most Importantly, Stay Safe

We each have the ability to protect ourselves and others by staying well-informed about both the health and cyber threats COVID-19 poses. Let’s do our part to help the internet be a safe place for all during this trying time. Most importantly, practice personal and cyber hygiene habits to stay safe wherever you may be.