Back to Insights  /  Read More About Cybersecurity

Scammers Pretending to be IRS, Banks, Charities

James A. Arcoraci, CRPC®

10/05/2020 — Download

We are in the midst of a national emergency. The government is offering benefits to victims; your new way of business is requiring new, unfamiliar technology; and uncertainty is driving you to new apps and websites in search of information to help you stay afloat—all of which are being seized upon as new opportunities by cybercriminals.

Criminals are scamming individuals and businesses of their money and data through a myriad of tricks. Current scams are related to:

  • The IRS or CARES Act
  • Stimulus Payments
  • COVID-19
  • Charitable giving sites
  • Current updates – statistics and/or heat maps
  • Early vaccine / treatment access
  • Problems with a Bank Account or Credit Card
  • Investment Opportunities
  • Blood Donation

 

Here is what cybercriminals are doing:

Method 1: Masquerading

Cybercriminals are exploiting the necessity for individuals and businesses to deploy new IT resources and methods to conduct work remotely such as VPNs, screen sharing technologies, and remote meeting software. Criminals are developing malicious tools that appear legitimate. Unsuspecting users, in search of a tool to facilitate their needs, instead download a malicious VPN agent. It is important to discuss any new IT resources you are considering with a professional who can advise you not only on the best, but the most secure tools.

Also, as your business operations change, cybercriminals are waiting to involve themselves in the process. Man-in-the-middle attacks involve criminals intercepting emails detailing payment instructions and bank account numbers and re-routing them to off-shore bank accounts before forwarding the email to the recipient. The sender and recipient are none the wiser until they discover that the money is gone.

Method 2:  Phishing/Vishing/SMishing using COVID-19 themes

Attacks may come in the form of fraudulent emails (i.e., “phishing”), text messages (i.e., “smishing”) or voice calls (i.e., “vishing”). These attacks may take advantage of users by posing as the following:

  1. The IRS
  2. Charitable agencies
  3. Tech Support

 

Remember, the IRS will NEVER call, text, or email you for payment or bank account information, nor will other government agencies. Scrutinize every unfamiliar call, text, or email and avoid disclosing your personal information.

Method 3: Fake Mobile Applications

Cyber criminals understand that we regularly download apps to facilitate our daily needs. There have been multiple cases of malicious Android applications claiming to offer information about the virus or to accommodate your business needs in these times of uncertainty. But all they really offer is attackers the opportunity to spy on you, steal information, or ransom your data.

Method 4: Malicious and Fraudulent Websites

The Palo Alto Networks threat intelligence team notes that over the past few weeks more than 100,000 websites have been registered containing terms like “covid,” “virus,” and “corona.” Many of these websites are used to deploy malicious software that can threaten your business operations and data security or trick you into thinking you are applying for stimulus loans through its interface. Some websites spread false information to create unnecessary action or panic. Such risks can be avoided by using only trusted sources.

Do the following to protect yourself from becoming a victim of a fraudulent attack:

  • Use extreme caution when dealing with any email with a subject line, attachment or hyperlink pertaining to COVID-19.
  • Be cautious when dealing with an email, text message, social media post, or phone call with a subject line or topic pertaining to a COVID-19 related matter.
  • Use only TRUSTED Sources, such as known government websites, for updated information on COVID-19.
  • NEVER trust a hyperlink in a communication stressing urgency, such as a warning about a severe problem pertaining to financial information—i.e. bank account, credit card or the IRS.
  • Verify that the contact information is from a trusted source—for example, the toll-free phone number on the back of your credit card.
  • If you visit a website, open it directly from your computer or a previously used App on your SmartPhone instead of from the requesting email.
  • Never provide any identifying number over the phone, such as your Social Security number, Your Medicare ID number, your driver’s license number and your bank account number.
  • If you need to implement new technology or processes for your business or personal life, consult a professional.

IMPORTANT DISCLOSURES

The information included in this document is for general, informational purposes only. It does not contain any investment advice and does not address any individual facts and circumstances. As such, it cannot be relied on as providing any investment advice. If you would like investment advice regarding your specific facts and circumstances, please contact a qualified financial advisor.

Any investment involves some degree of risk, and different types of investments involve varying degrees of risk, including loss of principal. It should not be assumed that future performance of any specific investment, strategy or allocation (including those recommended by HBKS® Wealth Advisors) will be profitable or equal the corresponding indicated or intended results or performance level(s). Past performance of any security, indices, strategy or allocation may not be indicative of future results.

The historical and current information as to rules, laws, guidelines or benefits contained in this document is a summary of information obtained from or prepared by other sources. It has not been independently verified, but was obtained from sources believed to be reliable. HBKS® Wealth Advisors does not guarantee the accuracy of this information and does not assume liability for any errors in information obtained from or prepared by these other sources.

HBKS® Wealth Advisors is not a legal or accounting firm, and does not render legal, accounting or tax advice. You should contact an attorney or CPA if you wish to receive legal, accounting or tax advice.


Cyber attacker