Have you gotten a weird email or phone call from the IRS asking for money or personal information? How about a text from the World Health Organization about COVID-19 testing in your area?
Despite how convincing these messages may appear, there’s a good chance they’re nothing more than scams looking to bilk you of money and data.
Coronavirus scams have been spreading for months, and they show no signs of slowing down. This week, Secret Service Assistant Director Michael D’Ambrosio warned such scams could put $30 billion in federal relief funds in the hands of criminals. Tap or click here to see the stimulus check scams to avoid.
By now most Americans have received their stimulus payments, but scammers are still promising additional money and resources — and using news of the pandemic and national protests to cause even more damage. Here are the latest scams you need to be aware of.
The IRS will never call you, but don’t tell these scammers that
The IRS has released a new alert informing Americans of the dangers they face from con artists in the wake of the pandemic. The IRS says it has seen “a tremendous increase in phishing schemes utilizing emails, letters, texts and links,” with topics spanning from coronavirus and COVID-19 to stimulus checks, business loans and bogus cures and treatments.
The IRS and researchers from Check Point Security found more than 1,200 new stimulus and relief package related websites registered in the month of May alone, and 3% of them were confirmed to be outright malicious.
The most blatant scam, though, comes in the form of a message claiming to be from the World Health Organization that promises an “additional stimulus package for you,” with requests for personal information like your bank account, Social Security number and other personally-identifying data points.
Remember, the IRS will never reach out to you in any other form but snail mail, meaning calls and messages claiming to be from the agency are utterly fake. In addition, organizations like the WHO have no monetary say-so in the United States, meaning promises of additional money from them can also be ignored.
Beyond shady communications, websites promising money, answers or medical treatments should also be avoided. Most of them appear to be phishing-schemes in disguise, and once you “bite,” you’re on the hook for personal data that can be used against you maliciously. Tap or click here to see why there are so many new phishing scams during COVID-19.
Hijacking a political moment
In a new low for the scammers of the world, a string of phony donation websites and phishing campaigns purporting to be from Black Lives Matter are making the rounds online.
A dangerous email that urges recipients to “anonymously vote” in support of the BLM movement is circulating, according to reports from BleepingComputer. The email includes an attached form to fill out, but the file is not what it seems.
Upon download, the file installs the malicious TrickBot trojan, which is capable of stealing bank information and offloading it to scammers remotely. Tap or click here to see why TrickBot is so dangerous.
The malware can also pilfer account data, passwords and other important data points, which could lead to potential ransomware and hacking attempts in the future.
Charities and political organizations are common targets for fraud. It’s bad enough to see malicious cyber-actors hijacking a movement for their own ends, but attacking people on top of that really drives home how cynical and amoral these hackers and scammers are.
Thankfully, as with all phishing schemes, you won’t be affected if you refuse to “bite.” By knowing the shape of the threat, you can avoid it entirely — as well as inform others about what to look for so they can protect themselves.
Here are a few tips to stay safe:
- If it seems too good to be true, it probably is. This is especially true if anyone is offering you money.
- If the email is full of obvious spelling and grammatical errors, it’s most likely a scam.
- If you don’t know who the email is from, don’t download files, open other attachments or click any links.
- If an email starts with “Dear Sir” or “Dear Madam,” delete it.
- Think twice before you follow any prompts to verify sensitive account details or provide personal information.
Phishing scams can only hurt you when you fall for them. As long as you remain informed, you’ll know not to open weird emails or download malicious attachments to your personal machine. Your bank account and privacy are counting on you!