5 Coronavirus Scams That Are Still Out There

Ever since the coronavirus reared its ugly, germ-filled head, scams started appearing on just about every platform, from Facebook to Amazon. That’s not surprising, given that any time there’s a major event—from natural disasters to the pandemic—that touches hundreds, thousands, or thousands upon thousands of people’s lives, criminals will attempt to use it as a pretext for scams, says Alex Hamerstone, GRE practice lead at TrustedSec, an ethical hacking firm hired by Fortune 500s to try to hack into networks and employees to prevent real attacks. “Coronavirus also preys on people’s fears, so it really is the perfect storm for a scam pretext,” he says.

Here are the coronavirus scams you should be on the alert for:

RELATED: Why you shouldn’t share photos of your COVID-19 vaccine card

Fake vaccination offers

Yes, it’s difficult to snag a coveted vaccine appointment. Yes, there may be many people in the virtual line in front of you. So naturally, there are people out there advertising quick and easy access to shots. But remember, if it sounds too good to be true, it probably is. Don’t respond to any ads for vaccines on social media posts, on websites, or via phone calls. Anyone offering to ship you a dose of the vaccine is attempting to scam you. The Department of Health and Human Services (HHS) cautions to be wary of anyone asking you to pay out of pocket to get on the vaccine waiting list or to get your actual shot; in fact, both should be free of charge. If you do suspect any health care frauds relating to the vaccine, call the HHS Fraud Hotline at 800-447-8477. COVID isn’t the only scam in town, though.

A promise of a faster financial stimulus

For those who were laid off, had their hours scaled back, or had to take on additional health, childcare, or other expenses, the year has been financially challenging. So it’s no surprise that within days of announcing the $900 billion economic relief package on December 21, there were scammers attempting various schemes, according to the Better Business Bureau. And they’re not going to stop, especially now that the American Rescue Plan Act of 2021 passed in early March. If you get an email or a text asking you to click on a link to request a benefit payment, prompting you to enter personal information; don’t. It’s a scam phishing for personal info, the BBB says. Or, some scammers, pretending to be from a government agency, may reach you on the phone and share the premise that once you pay a small processing fee, you’ll receive your stimulus check faster or it will be for more money. If you receive this or a similar call, hang up immediately.

A fake email from a contract tracer

If you get a text or an email from an alleged contract tracer telling you that you were exposed to someone with COVID-19 with a link to click on, don’t. In this type of scam text or email, clicking on that link could download malware to your phone or computer. The Justice Department and the FTC note that real text and emails from the government don’t include any links. Consumers should look at the return path in the email to see if it really does originate from their local or state government or other official entity, says Karim Hijazi, CEO of Prevailion, a company specializing in intercepting data from hacker networks. “Hackers can easily spoof any domain they want in the email header that shows up in your inbox, but they can’t do that with the return path,” he says. “If the return path shows a different domain or email address, then you know it’s a trick.”

A fake email from the CDC

Another email sender that should immediately raise red flags is anything from the U.S. Centers for Disease Control and Prevention, WHO, or other health agencies and insurers, says Hijazi. “Nowadays, cybercriminals have a lot of resources at their disposal, so even less sophisticated crews are able to carry out rather advanced phishing campaigns,” Hijazi says. They can buy phishing kits and malware tools online, rent botnets to launch their attacks, and find bulletproof hosts to support their malicious domains. “What the average person needs to realize is that phishing emails may look identical to the real thing,” he says.

A fake website

Even if a website looks legit, it’s possible that it’s a dupe. “Cyber scammers use a technique called ‘combosquatting’ to create malicious websites that may appear to be a legitimate domain,” Hijazi says. Often they’ll hyphenate or add a period after the business name, then insert a new word like “vaccine” and instead of .gov use .net to create an entirely new domain; for example, CDC.gov could be changed to CDC-vaccine.net. “To the average person, that will appear to be the real website of the CDC, when in actuality, it is an entirely separate domain controlled by the hacker,” Hijazi says. If companies don’t register all the combinations and variations that can be created from their website domains, they leave their users exposed to this type of scam. Hijazi suggests checking the WHOIS registration of a website to verify the real owner.

How to avoid getting scammed:

Don’t respond right away

“Scammers depend on you reacting before you can carefully consider things,” Hamerstone says. Instead, think for a bit and try to discern whether the offer is too good to be true or if anything sounds odd (i.e. a name or word is misspelled, the grammar is incorrect, etc.). Then, ask a friend or family member to offer a second opinion. Watch out for these 10 phone call scams that can steal your money.

Go straight to the source

If you get an email that raises red flags, don’t click on any links contained within, Hamerstone says. Instead, go straight to the organization’s official website. The same goes for phone calls; instead of responding directly and giving personal or financial info to the person on the other end of the line, call the company back on its mainline to make sure the offer is legitimate.

Does it pass the smell test?

“There is a very simple way to spot a scam,” Hamerstone says. “Does it pass the smell test?” This means, ask yourself: Is this offer too good to be true? Is this an unsolicited communication on social media, your phone, or email? “People are used to doing everything online these days, but always remember that the government does not send you attached files,” Hamerstone says. Translation: the CDC is not going to email you a PDF or Word document with data about local infections in your area, and your state health department is not going to send you a zip file or request your social security number over email.

Sources:

• Alex Hamerstone, GRE practice lead at TrustedSec
• Karim Hijazi, CEO of Prevailion
• Department of Health and Human Services: Fraud Alert: COVID-19 Scams
• Federal Trade Commission: COVID-19 Contact Tracing Text Message Scams