Pandemics are a cyber thief’s dream come true.
Hackers prey on the vulnerable — and with a contagious virus and an uncertain economy, we all become vulnerable.
The ability to think rationally dissipates with a worried mind. In times of survival, the everyday focus shifts to keeping a roof overhead, food on the table, and staying alive. Guards are let down. Things that would have normally been questioned before are suddenly overlooked.
Scammers know this. They take advantage of this.
Don’t fall victim to their traps.
Hackers are having a field day with Covid-19. The cruelest thing about scammers is they will kick you when you are down. People are working remotely and are no longer protected by their office’s cybersecurity standards. Unemployment is rising and people are desperate for jobs and money. Cyber criminals often target those they deem susceptible to being taken advantage of.
So how can you protect yourself?
Always check the sender of an email.
Did Facebook tell you you’ve been logged out, and you need to click this link to log back in? Did PayPal tell you your account has been compromised, and you need to click here to verify your identity? Did your bank tell you your settings have expired, and you can update them here?
Not so fast.
Phishing is when a scammer sends fake emails in order to gain access to your personal information. Always, always, always check the sender address. Phishers are clever and most of the time make the email address look believable. Instead of an official email from Google coming from @google.com, they might make the email from @help.support.google.
How can you be sure it’s actually from the sender they claim to be? Search the email address online. Visit the official website of the company and see what their official email addresses are. When in doubt, do not click any links. Make any updates from the secure website itself. It’s better to assume the email may be a phishing attempt and take a moment to do a little research, then to click a link that may contain a virus or to enter your personal information on a non-secure website. Automatically assume the email is suspicious until proven otherwise.
Make sure the job posting is actually real.
With the high unemployment rate due to the pandemic, scammers are having a field day. They know millions of people are searching for work right now and overall experiencing feelings of desperation. As a result, an uptick in fake job listings are being created in order to get your personal information or steal money from you. If you receive an email from a company saying they are recruiting you, check the email address. Visit the company website to see if the job is listed on there. If you see a career opportunity on a job posting website, make sure the information matches up with the actual company. Furthermore, make sure the company exists at all.
Cyber criminals take advantage of the fact many new jobs are 100% remote. Since you never have to come in person to interview or start the job, it is easier for them to trick you. A common scam is when you will undergo an “interview” process, followed by being offered the “job.” In order to begin the job, however, they tell you that you need certain equipment for your home office. You are told to order this equipment using your credit card or by writing a check, and you will be reimbursed. That’s where the trick is. You send them a check and they either never send you the equipment, or they “reimburse” you using a fake check which will bounce. If you used your credit card to buy the equipment from them, they now have your credit card info. Bottom line: if a “company” is asking you to make a purchase using your own money before the job even begins, it’s likely a scam.
Another popular trick is the “employer” will say they need your personal information in order to register your application. Asking for your month and date of birth, location, and full name are normal. Asking for your birth year and full social security number are not. Never, ever give out your full social security number unless you are legitimately being hired at a legitimate company. If the personal information the employer is asking for doesn’t feel right, trust your gut and ask for proof.
Take caution with contract work as well. Maybe they aren’t hiring for a full time position, but for freelance or part time work. If this is the case, like with any work, make sure a contract is signed by both parties. Read every word on the contract and ask a legal professional to review it as well. If the employer refuses to provide a contract or accept the freelance contract you sent, that’s a major red flag. Without written agreement, they don’t owe you anything. This may result in your providing free labor and not getting paid, or it could be a scam in general.
Recognize if a call is suspicious.
The internet isn’t the only place scammers may try to reach you. Some will call you directly.
Never give personal information over the phone. If you receive a call from your car insurance company, ask yourself – have they ever called you in the past? Ask for proof they are actually who they claim to be. Most banks, phone service providers, and other companies would not call you directly if there was an issue. They would first send you an email or app notification. Assume any call is actually a scammer until proven otherwise.
Recently, many people have been getting calls from a scammer posing as an IRS employee claiming a payment needs to be made today or else there will be repercussions. NEVER give your credit card number or social security number over the phone.
Another popular scam is when they call and let you know you are a winner of some sort. They may use a well known brand name like a major hotel chain. Scammers know people are in need of money during these times and are more susceptible to believing they actually won a cash prize. Resist answering the call if you are not familiar with the phone number. If it was important, they’d leave a message. If you do answer and the call seems automated or fishy in any way, hang up.
Not sure if a phone number is legitimate or not? Run a quick Google search of the number first before picking up.
Do not allow remote access to your computer.
A recent common scam is a hacker that poses as an antivirus service, or as Microsoft or Apple. They will tell you that your antivirus software needs updating, or that your computer has a virus and they can help. Do not give remote access to your computer controls. Only purchase or renew antivirus software directly through the website of an established antivirus company. Do not give out your credit card info to anyone promising they are from one of these companies. I assure you Apple or Microsoft would not contact you directly asking to take over your screen. If there was an actual issue with your computer, you would be the one to bring it into the store or call them – not the other way around.
Keep your accounts secure.
Two-step verification is the extra step that keeps hackers out. With two-step verification, even if a hacker figured out your password, there is an extra layer of security. Any time a new login is attempted, a unique pass-code is sent to the email or phone number your account is associated with. It’s another step to keep your account safe and will deter hackers who are trying to get in by guessing your password, so make sure you activate two-step on all your social media accounts and email addresses.
Speaking of passwords – you should be updating yours at least once a month for all accounts. Do not use the same password for all your accounts, or passwords that are similar with just a change in number or letter. In that case, if a hacker knows your password for even one account, they can get into all your accounts. Each password for each account should be unique and difficult to guess. For example, don’t make your password something like your dog’s name or your birth year – that’s easy for hackers to figure out just by researching public info about you. Make your passwords a random assortment of uppercase and lowercase letters, numbers, and special characters.
Frequently check your login activity. Platforms such as Instagram, Facebook, and Gmail can tell you when you last logged in and from where. If you’re living in Los Angeles and use an iPhone but see there was a recent login from Bangkok at 2:00am on an Android, clearly something is wrong. Immediately log out of all devices and change your passwords. You can log out from all devices anywhere in the world with the click of a button. Quickly update your password before they can get back in. If suspicious login behavior continues, report it to the platform.
Be wary of social media platforms “contacting” you.
A scam that has been on the rise over the course of the pandemic is when you receive a Whatsapp or text message from a phisher posing as Instagram or another social media platform. The message reads that your account has been compromised and you need to follow this link to log in. When you follow the link, you are prompted to enter your username and password. This is how the scammer learns your login info. From there, they take over your Instagram page and hold it hostage. They may direct message your followers asking them for money, or they may demand you pay them directly to get the account back. Instagram can pick up on this suspicious behavior and shut down your page entirely, resulting in you losing everything.
This scam usually targets influencers and accounts with large followings since these pages are valuable, but remember that anyone can be targeted at any time. Know that social media companies like Twitter, Instagram, Facebook, Youtube, and so on would never reach out to you over something like Whatsapp. Only update your password / profile info directly in the website or the app – not through an external link you were sent.
Educate and protect your family.
Since hackers are savvy, they recognize that you yourself may not open a suspicious email – so instead, they target your family members. The scammer may find the email address of your sibling, child, or parent and pose as you. They can either hack your personal email or create an email address similar to yours and contact your family members pretending to be you, making the subject line something like “Check out these photos of us!” or “I thought you’d be interested in reading this article!” But when the email is opened and the attachment or link is clicked, it actually leads to a virus.
Keep your loved ones informed and train them to be alert and vigilant when it comes to cyber thievery. Share this article with your friends and family to help educate and protect them so they do not fall victim to a scam.
When building digital strategies and expanding the online presences of my clients, I assure all accounts are secure and protected. If you are unsure if you are being scammed or want to know how you can improve your online security, reach out to me on the Contact tab.
Amanda Weisman 