Fear and changes create opportunities and, sad to say, COVID 19 is no exception. As a matter of fact, the Federal Bureau of Investigation (FBI) has released several articles covering some of the COVID 19 fraud schemes that are coming to light. We do have to say, that the FBI has also created several tools and articles that we consider useful, informative and their website is easy to navigate. Some of the key fraud schemes they warn us about are:
Fake CDC Emails. Watch out for emails claiming to be from the Centers for Disease Control and Prevention (CDC) or other organizations claiming to offer information on the virus. Do not click links or open attachments you do not recognize. Fraudsters can use links in emails to deliver malware to your computer to steal personal information or to lock your computer and demand payment. Be wary of websites and apps claiming to track COVID-19 cases worldwide. Criminals are using malicious websites to infect and lock devices until payment is received.
Phishing Emails. Look out for phishing emails asking you to verify your personal information in order to receive an economic stimulus check from the government. While talk of economic stimulus checks has been in the news cycle, government agencies are not sending unsolicited emails seeking your private information in order to send you money. Phishing emails may also claim to be related to:
Counterfeit Treatments or Equipment. Be cautious of anyone selling products that claim to prevent, treat, diagnose, or cure COVID-19. Be alert to counterfeit products such as sanitizing products and Personal Protective Equipment (PPE), including N95 respirator masks, goggles, full face shields, protective gowns, and gloves. More information on unapproved or counterfeit PPE can be found at www.cdc.gov/niosh. You can also find information on the U.S. Food and Drug Administration website, www.fda.gov, and the Environmental Protection Agency website, www.epa.gov. Report counterfeit products at www.ic3.gov and to the National Intellectual Property Rights Coordination Center at iprcenter.gov.
Zoom-bombing. This refers to the act where an unauthorized individual hijack a video teleconference. The term comes from Zoom who is a company that offers online meeting platforms but is now applied to any type of teleconference hijacking attempt regardless of the platform used.
Even the Office for Civil Rights (OCR) has jumped into the bandwagon to prevent fraudulent schemes. In OCR’s Alert: Individual Posing as OCR Investigator they posted:
“It has come to OCR’s attention that an individual posing as an OCR Investigator has contacted HIPAA covered entities in an attempt to obtain protected health information (PHI). The individual identifies themselves on the telephone as an OCR investigator, but does not provide an OCR complaint transaction number or any other verifiable information relating to an OCR investigation.”
The fact that an emergency has been declared by President Trump and that the Office for Civil Rights (OCR) posted that health care providers will not be subject to penalties for violations of HIPAA is not the same that we don’t have to be alert or security conscious. In fact, the FBI recommendations should sound somewhat familiar as they encompass:
As to Zoom Bombings the FBI Recommends
Last, but just as important, OCR’s recommendations regarding OCR impersonators are:
From our part we recommend everyone to remember the basics of cybersecurity, be alert and to report suspicious activity, by visiting the FBI’s Internet Crime Complaint Center at www.ic3.gov.