From the Cyber Security Expert: Current Scams Related to COVID-19
I spend most of my life coming up with new scams and ways to rip people off. I’m not a criminal but I get paid to think like one. My job is to find weaknesses in companies and individuals and then show how those weaknesses can be exploited. It’s an odd career to say the least, but organizations realize that it’s far better to hire someone like me to find security issues and warn people about them rather than wait for actual criminals to attack.
Over the past few years, the most common way to attack people both at home and at work has been through email. By now, just about everyone has heard of the term phishing, and most people realize that when you receive an email, there is the potential that it contains a malicious link or attachment. There is no shortage of stories where people have fallen victim to these types of attacks, and the results have led to both compromises of personal computers and major breaches at some of the biggest companies in the world.
What’s interesting to me, though, is that while everyone has shifted their focus to trying to protect themselves from these email scams, criminals have been quietly adjusting and moving their attacks back over to the phone. Now, I say “back over to the phone” because it used to be that the most common form of scams that both individuals and corporations faced would come from malicious phone calls. Of course, this was before criminals realized how easy it was to attack people via email. Well, as with many trends that come and go, phone scams have once again become en vogue and criminals are having a field day.
You see, while organizations have been spending millions of dollars designing software that can detect and block potentially malicious emails from making it into your inbox, there has been very little focus on incoming calls, and criminals have noticed.
One of the more popular phone scams that criminals have been using lately is the COVID‐19 contact tracing notification. This is when you receive a phone call where the caller claims to be an employee of the CDC (Center for Disease Control). They explain that you were recently in contact with someone who tested positive for COVID‐19. The phone call is to notify you that you are required to self‐quarantine for the next 14 days. Now you might be thinking that it doesn’t seem like much of a scam, but the criminal is not done. Once they have shared the bad news and put you into a rather unsettled state of mind, they go on to explain that, as part of the government program to protect all Americans, you have been assigned an ID and case number and that all your COVID‐19-related treatment will be covered under the health care insurance act. This seems like good news to a lot of people who are worried in these difficult times about any costs, especially medical costs.
The caller then asks a few questions to activate the COVID‐19 health care ID. They first say and spell the name of the person they called and ask them to confirm it is correct. They also read off the person’s home address. This all makes the call seem very legitimate. In some cases, they may also provide the name of the organization where the person works and other seemingly private information. On a side note, all of this information can generally be found through Google searches or via the dark web. Now, the last thing the caller needs before the account can be activated is the person’s social security number. They explain that this is required for security purposes to ensure the caller is really talking to the correct person. And if the person gives up that social security number, just like that, they are another victim of an identity thief.
Now while it might seem like an obvious scam, I have spoken to numerous people who have fallen victim. It’s not that they are dummies; it’s that when you receive a phone call completely out of the blue like this, and when your mind is on other things, a skilled criminal can sound extremely convincing. Combined with the scary topic they are discussing, it’s easy to fall victim in the moment.
This is just one example of a newer scam and unfortunately, new ones seem to be coming out every day. Ultimately, what it comes down to is that phone scams are on the rise and it’s important to be aware and prepared for just such a call.
Tip to Not Fall Victim
If you receive an unsolicited call, immediately put up your guard. If you don’t recognize the number, consider not answering it. Keep in mind that the caller can “spoof” the phone number, which means they can make the phone number look like anything they want it to. However, if you do answer, pay attention to what the caller is asking. If they ask for any personal information, stop. Find out as much as you can about them, such as what organization they are calling from, their name, any ID number, etc., and then tell them you will call them back. Do your own research and only call phone numbers that are publicly available for the organization they claim to be calling from. Keep in mind that no one from the government, your financial institution or any other organization will call you out of the blue and ask for your social security number or other personal information.
In addition, if you receive a call from someone claiming to be a loved one or friend and they are asking for you to get them money for some emergency, again stop. There are many of these scams and the caller will always pretend to be in trouble and need money immediately. Tell them you will call them back and then call other friends or family members to confirm the story. If they tell you they want to keep it a secret, this should be a major red flag.
While email scams are still a major form of attack by criminals, it’s important to remember that it’s not their only avenue. Phone calls can often seem more personal and therefore put your mind at ease. At the end of the day, a criminal can have just as much success scamming people over the phone as they can via email and it’s up to you to keep your guard up for both.
Jim Stickley, CEO
Stickley on Security
Jim Stickley has stolen credit cards, hacked Social Security numbers, robbed banks, created fake ATMs, broken into armed government facilities and stolen from teenagers. Fortunately for all victims involved, Jim is a cybersecurity expert with over 20 years in the industry who was hired to perform these attacks by corporations testing their security, and news agencies interested in knowing just how easy it is to commit identity theft. His job is to find security flaws before the real criminals find them and educate people and organizations about what they can do to protect themselves.
Today, Stickley is the CEO of Stickley on Security and can be seen throughout the United States speaking on topics that range from basic identity theft to national cyber terrorism. In addition, Stickley can be seen on numerous TV news programs, is a frequent guest on NBC’s Today Show, and is the security expert featured in LifeLock® infomercials.