Scammers evolve their attack strategies as citizens and agencies become aware of their current methods to steal personal information and money. With COVID-19, impostors are attacking through email, text, WhatsApp, social media and phone calls to prey on citizens’ fears and compassion. The FTC has an ongoing tabulation of COVID-19 and Stimulus Fraud webpage you can see here. To date, over $309 million in losses have been reported since the beginning of the pandemic, with ages 30-39 reporting the most fraud attempts.

Impersonating a nonprofit is a common scam. The World Health Organization sent an alert that people have reported being scammed by WHO impostors through phishing emails. Real WHO email addresses end with who . int, never .org or .com. Even if the email ends in who . int, it is best to go through the official WHO website and initiate a donation on your own since scammers will mimic email addresses to trick you. Monetary donations are not the only way a scammer can attack; malware and password theft are also possible from clicking on links.

Medical identity theft is another way personal information is stolen, and the U.S. Department of Health and Human Services Office of Inspector General is monitoring and reporting on COVID-19 fraud. Scammers take advantage of people’s fear and desperation by offering COVID-19 testing, medical supplies, and Medicare prescription cards. If you turn over your personal information, the impostors can file claims with federal health care programs and commit medical identity theft. Only follow official vaccine sign-up programs. Vaccine sign-ups will not be offered door-to-door, nor can anyone pay to improve their eligibility. Beware of contact tracing programs that seem unofficial. Real contact tracers will never ask for payment, your Social Security number or need your Medicare number or insurance information. The FCC states that true contact tracers will typically initiate contact with a text, then call you to confirm what they already know – your name, address and birthday. Never click on a link in a text from an unknown phone number. Make sure you get tested at official COVID-19 testing centers only.

The Department of Justice and the IRS warn of fraud associated with stimulus checks and loan programs related to COVID-19. Government impostors will ask for Personally Identifiable Information (PII), claiming to offer help with your stimulus checks. Instead, they use it to commit fraud. They may also claim you were overpaid with a stimulus check and need to return some of the money or face penalties. Phishing emails can get your bank account information and password. The IRS will always initiate first contact through the mail, not a phone call or email. The Small Business Administration’s COVID-19 loan relief webpage was spoofed and the link emailed in a scam designed to collect log-in credentials of federal, state and local government employees.

Understandably, COVID-19 provokes an emotional response and scammers will use fear and hope to get you to act quickly. If you receive an unexpected COVID-19 message or phone call, fall back on your phishing recognition skills. Only open, click or respond to messages you are certain are valid. If the message seems suspicious, visit the organization’s official website for offer details. Always do your research before sharing your financial information on a donation page or your health insurance information on any online form or over the phone. Stay cyber-safe and healthy!