How You Can Protect Yourself from Fraud Related to COVID-19

How You Can Protect Yourself from Fraud During COVID-19

In the wake of the COVID-19 crisis, the U.S. government has established several financial stimulus programs, including the Coronavirus Aid, Relief, and Economic Security (CARES) Act which was signed into law on March 27, 2020. 

As part of the CARES act, many taxpayers are slated to receive an economic impact payment of up to $1,200 from the IRS. Unfortunately, the announcement of these payments has initiated numerous fraud schemes that are designed to trick taxpayers into giving all or part of their relief money to criminals. 

The SDSU News Team spoke to Jim Vogt, a certified fraud examiner and an accounting lecturer in the Fowler College of Business, to discuss some of tactics used by fraudsters and how you can avoid being scammed.   

Q: What types of fraud are you seeing related to the current global pandemic?

Unfortunately, the types of pandemic-related fraud that are surfacing are numerous, beginning with emails or texts that are either fake or intended to gather personal information. We are seeing phony emails or texts from organizations such as the World Health Organization (WHO), Centers for Disease Control and Prevention (CDC), Medicaid, Medicare, or charitable organizations. Within these emails, scammers may use links or attachments to deliver malware intended to steal personal information or lock your computer and subsequently demand payment. Fraudsters use these fake communications or fake websites (such as sites or apps claiming to track COVID-19 cases) to infect or lock your computer and then demand “ransom” payments.

We are also seeing phishing that attempts to gain access to personal or financial information. These emails or texts may ask you to input or verify your personal information in order to receive or expedite your stimulus check, loans or other benefits. While the stimulus plan has passed and been signed, the IRS or other government agencies will not send unsolicited emails, texts or make phone calls to gather or verify your personal information. Similar emails or communications may:

• Solicit fraudulent charitable contributions
• Offer access to loans or relief
• Offer airline refunds
• Offer investment opportunities
• Offer fake cures, vaccines, testing kits and products to protect against COVID-19
• Offer unapproved or counterfeit Personal Protective Equipment (PPE)
• Even offer protection against fraudsters (oh, the irony; yes, fraudsters will pose as fraud fighters and attempt to get information or payment to help protect you from fraud threats!)

Q: Is this type of fraud typical in such an unprecedented situation?

Sadly, the emergence of increased fraud in the wake of disaster or crisis is very common and predictable. In fact, it is so common that a federal agency, the National Center for Disaster Fraud (NCDF), was created in 2005, in the wake of Hurricane Katrina, specifically to deal with this. Since then, the NCDF has received over 90,000 fraud complaints relating to disasters such as hurricanes, flooding, wildfires, tornados, chemical spills and explosions, earthquakes, and now, pandemics.  

Q: What are some of the most recent tactics used by fraudsters surrounding the stimulus checks?  

Some of the tactics related to stimulus checks that may be used by fraudsters include:

• Communications emphasizing the words “stimulus check” or “stimulus payment.”  Please note that the official term used by the IRS is “economic impact payment.”
• Offers to expedite the issuance or receipt of any economic impact payment.
• Asking taxpayers to sign over their economic impact payment to them.
• Request for information or verification of personal and/or banking information “to receive or expedite any economic impact payment.”
• Mailing a bogus check to the taxpayer and instructing the taxpayer to call a phone number or verify information online in order to cash or deposit the check.  

Q: Are there organizations who can help expedite payment if the IRS stimulus check has not been received yet? 

There are no known organizations that can help expedite IRS payments. To check on the status of an economic impact payment, visit the IRS website. 

Q: If we receive a phone call, email or direct mail from the IRS, how can we authenticate it?

In almost all cases, the IRS will make their initial contact through the U.S. Postal Service. Rarely will the IRS contact the taxpayer by phone, but never through email or text. In the rare event that an IRS representative contacts a taxpayer by phone or in person, official letters, or notices, will generally have been sent earlier by mail. IRS representatives can always provide two forms of official credentials – a pocket commission and a Personal Identity Verification Credential (PIV).

Q: What are some of the best ways to identify a fraudulent message?

One good practice in reviewing email messages for potential fraud is to hover your mouse over email addresses or links to identify the email source or destination. These links are often disguised. However, taxpayers should not click on any links contained in emails or texts. Here are some tactics scammers often use. Knowing these techniques will help you to avoid placing yourself in peril:

• Phishing email messages and texts often look like they are from an organization you know and trust, such as banks, credit card companies, social media sites, online payment websites or apps, or online stores. They may even include logos or images that appear legitimate. These emails typically include a generic greeting and ask you to click on links to update information or payment details. 
   
• Fraudulent emails or texts are often designed to create concern or urgency to trick you into clicking on a link or attachment. The emails or texts may tell you that there has been suspicious activity or log-in attempts. They may also state there is a problem with your account or ask you to provide or confirm personal information and include a fake invoice or amount due. Beware of emails or texts that ask you to click on a link for assistance, more information, or to make a payment. 

Here are some tips to protect yourself from fraud and scammers:

• Even if a communication appears to be from a sender you know, check the email address of the sender for authenticity.
• Never provide your user ID, password, date of birth, social security number, or other personal or financial information in response to an email, text, or phone call you have received. If you did not make the call, do not provide any personal information, even if the caller appears to know you or have some of your personal information.  Fraudsters will often use these tactics to appear known to you or to fill in gaps of personal information obtained by other means.
• Be wary of any business, charity, or person requesting donations or payments in cash, by wire, or gift cards.
• Protect your computer with security software and set it to update automatically.
• Set your mobile phone to update software automatically.
• Use multi-factor authentication, whenever available.
• Protect your data by backing it up, preferably to a destination not connected to your home network.
• If you suspect a phishing attack or an attempt to access your personal information or accounts, ask yourself, “do I have an account with this organization?”, or do “I know the person that contacted me?”

Q: What is the best resource to report suspected fraud? 

If you believe that you are the victim of an Internet scam or cybercrime, or to report suspicious activity, visit the FBI’s Internet Crime Complaint Center. Other places to report suspicious activity include:

• Federal Trade Commission
• For suspected IRS Impersonations
• For suspected disaster-related fraud: Call the NCDF hotline at 1-866-720-5721 or email [email protected]