While you take care to limit social interactions and wash your hands to prevent the spread of the coronavirus, you also need to take steps to protect your finances and identity. Scammers are now taking advantage of the COVID-19 pandemic to lure victims in with new phishing and vaccine-related scams. For so many of us, the internet is a large part of life—even more so with social distancing and telework these days. Thankfully, we can stay connected with friends and family down the street or across the globe, pay bills, conduct business and even buy new products without leaving the comfort of our homes. And, while it certainly makes these trying times more convenient, it opens us up to some vulnerability.
Phishing remains one of the top ways cybercriminals get access to your identification and financial information. Using phone calls, emails and even copycat websites, scammers are creating content that appears official and related to COVID-19—tricking you into revealing personal information like bank account numbers, credit accounts, Social Security Numbers, login IDs and passwords. At the same time, by clicking a link, you may also unknowingly download malware that infects your computer and captures your data.
As the vaccine rolls out, there’s a lot more vaccine-related webpages out there. While many are legitimate, there are a lot that are fraudulent. These fraudulent pages may attempt to get you to pay for early access to the vaccine or share information to get on a “vaccine list.” It’s smart to be wary of these pages. Wondering what else to be on the lookout for? Here are a few tricks scammers are using in their phishing and vaccine scam attempts:
While the vaccine is new and we’re learning more about it every day, here are a few things to keep in mind to avoid falling for a vaccine-related scam:
- You can’t pay to get early access to the vaccine.
- Nobody will call you about the vaccine and ask for your Social Security Number, bank account or credit card information.
- You won’t be asked for money to improve your vaccine eligibility.
Be skeptical of vaccine offers, who they’re coming from and what they’re offering. For the most accurate vaccine information, it’s best to look at trusted sites like those of the FDA or CDC, or by speaking directly with your doctor.
Names of Real Companies
Phishers often use legitimate company names and copy the look of official websites and emails to fool you. Right now, they’re even sending out correspondence that looks like it’s from the World Health Organization, local governments, or other trustworthy sources.
If the attack is email-based, they may even make it appear the email is from an actual employee of the agency or company. Be wary of unexpected emails from a “company employee” looking for information.
Threats and Urgent Messages
Many fraudsters try to use scare tactics to obtain information by threatening something like the deletion of your account if you don’t respond. Don’t be fooled.
Sometimes the URL (web address) will look right, but instead of taking you to your intended website, it will lead you to a copycat website. Check to see if the URL begins with https://, which indicates a site is secure. Most phishing scams won’t have a secure website. Never click on a URL within an email; instead, type the official URL into your browser.
Wire Transfer Requests
Phishing attempts extend to wire transfers, too. While those who are closing a new home are typically top targets for these particular scams, anyone is vulnerable. In these scenarios, a scammer sends what appears to be a legitimate email requesting a wire transfer to cover title, escrow or any number of other costs. Unfortunately, money you transfer as a result of the fraudster’s email ends up in the fraudster’s bank account—and you’re not likely to get it back. If you receive such a request, call your financial institution to verify that it has made this request.
Regardless of the tactics used, you can take these steps to protect yourself from phishers:
- Set up your accounts for success. Taking simple steps like using strong passwords (never the same for different sites), setting up transaction notifications* and ensuring your contact information stays up to date with your financial institution are all easy ways to enhance your online security.
- Call and verify. If you have reason to believe something is amiss, call the company to verify. Be sure not to use a number provided in a suspicious email or even in the Caller ID. Use numbers on your statements or policies or from the official website.
- Look for bad spelling. Large companies and organizations use professional writers and editors. Phishing emails often have unnatural or incorrect grammar and misspellings. Keep an eye out for grammar and spelling mistakes.
- Beware of links. Did you get an unexpected email telling you to sign in to take care of a problem or get a bonus? It pays to be wary of emails you’re not expecting. If you’re suspicious of an email, don’t click on any links or buttons in the email. Hover your mouse over the link and see if the address that appears matches the link typed in the message. If it doesn’t match, don’t click on the link, as it could take you to fraudulent websites or download malicious software.
- Read your statements. Look closely at your monthly financial statements. This can help you detect fraudulent transactions faster if your identity is stolen.
- Increase your security. If you engage in online financial transactions, frequently updating personal firewalls and security software installed on your computer is essential to keeping your information safe.
- Use a different computer. If you find fraudulent transactions on your account or suspect your info has been compromised, use a different computer to change your passwords. And, make sure you notify your financial institution right away.
If you believe you’ve received a phishing message from “Navy Federal,” email us at firstname.lastname@example.org and include the original message when possible. If you believe you may have responded to a phishing request, please contact Navy Federal immediately at 1-888-842-6328. Call us collect internationally at 703-255-8837. Visit our Security Center to learn about other ways to protect your information and accounts.