To say that Coronavirus has dominated our minds and headlines these past few weeks is an understatement. While most people are worried about their physical and financial health, fraudsters are opportunistically preying on that fear. So, it is more important than ever to be vigilant and aware of various ways hackers can take advantage of you during these uncertain times. Here are some of the recent threats we’ve been seeing and best practices for protecting your identity and money.
Phishing usually involves an email or social media post that includes a link or attachment. Scammers are currently baiting people with Coronavirus content to instill fear or offer help. For example, one might receive an email with a link to a virus-related charity, or a message containing the latest “cure” for the virus, possibly including a link to a map of stores that have items that are scarce and in high demand. Another example is an email from a fake health agency (e.g., CDC) with false information.
Any information you seek from the Centers for Disease Control (CDC) or the World Health Organization (WHO) can be found by typing in the website for the agencies directly, rather than clicking on links shared in an email or social media message – http://www.who.int/ and http://www.cdc.gov/.
If you want to donate to a charity, go to the charity’s website and donate from there. Don’t click on any link in the body of an email.
Do not open attachments or click on links from an unfamiliar sender.
A domain spoof is a malicious site masquerading as a legitimate one. For example, fraudsters will try to trick someone by sending them to who.org, while the legitimate address is http://www.who.int/. Clicking on the wrong site may result in malware being installed on your device.
- Always check for website misspellings and incorrect domains and links.
We wish we were talking about one of our favorite summer pastimes, but watering holes in the world of cybersecurity are when legitimate and trusted sites get compromised by a hacker who installs malware. This kind of attack generally happens to smaller, less secure sites that are less frequented by the public. Once a user visits the affected site, hackers can then attack by infecting the user’s machine. For example, a hacker may target your local municipality’s web site, where locals may seek important updates.
- It’s nearly impossible to avoid visiting sites that have been compromised, so be extra careful when visiting sites that aren’t widely visited by the public. When in doubt, pick up the phone and call the organization you’re trying to reach.
- If you’re a small business owner, make sure the latest software patches are applied to remove any vulnerabilities.
Phony Products and Offers Scams
Beware of people claiming to have products that prevent, diagnose, treat, or cure COVID-19, or that offer you any monetary relief.
Specifically Watch Out For:
- Sites that claim to have products that are otherwise scarce these days (medical masks, sanitizing products, toilet paper) at a fair price.
- Ads for purchasing COVID-19 test kits.
- Requests for personal or account information to receive economic stimulus checks.
- Always use extra caution when asked for personal and payment information.
- Verify the retailer or seller before ordering and paying for any product or service.
Investment Products Scams
The SEC regularly publishes bulletins highlighting recent investment scams. As it relates to the Coronavirus, the SEC has become aware of various stock promotion scams disguised as “research reports” that claim that: “a product of a particular publicly-traded company can prevent, detect, or cure the virus and that the stock price of the particular company will dramatically increase as a result.” Micro-cap stocks are particularly vulnerable because there is typically very little public information about them.
In a “pump and dump” scheme, promoters of a specific stock or company will spread false positive rumors, enticing investors to buy and causing the price to spike. At a certain point, the conspirators will dump, or sell their shares, thereby causing victims to lose money on the investment.
- Do your own research!
- Try to avoid investing in “too good to be true” stories.
- When possible, consult with your financial advisor before making meaningful investments.
We know that everyone has enough to worry about these days and we hope that by sharing this information, you’ll be protected from the many bad actors whose objective is to exploit the fear and chaos surrounding us these days. While we should all take these basic precautions even in times of relative stability, they are especially important when vulnerability is high and ripe for cyber-predators:
- Always verify the sender or source. If there is any doubt, pick up the phone and call to verify.
- If it’s too good to be true, it probably is. Use extra caution with any information related to current headlines.
- When in doubt, be overly cautious.
We also encourage you revisit what we have already written on the topic of protecting your identity. These best practices are timeless. For more, please go to: https://www.wealthspire.com/blog/keep-your-identity-to-yourself/.
Maintaining online safety is crucial to protecting you and your family. Stay healthy and safe, and please do not hesitate to contact your advisor with any concerns.