The Federal Bureau of Investigation warns that cyber scammers are leveraging the coronavirus (“COVID-19”) to steal money, personal information, or both through phishing emails, fake Centers for Disease Control and Prevention emails, and solicitations selling counterfeit treatment, masks, and respirator equipment. See the FBI’s March 20 alert here. Business email compromise continues to pose a significant risk to companies and individuals, particularly in the work–at–home environment and with closings occurring virtually. Good cyber hygiene is essential to avoid loss.
Fake CDC Emails. The FBI cautions that fraudsters are sending emails claiming to be from the CDC or other organizations offering free information on COVID-19 and requesting that interested persons click on the link to receive the data. The fraudsters then use the links to deliver malware to steal personal information or lock your computer demanding payment for release.
Phishing Emails. Fraudsters are using emails to verify personal information in order to receive economic stimulus checks from the government. With Americans on the lookout for stimulus checks, the FBI warns that the government IS NOT using unsolicited emails seeking private information to send money. Other phishing emails on the rise seek fake charitable contributions and offer general financial relief, airline refunds, fake cures, vaccines, and testing kits.
Counterfeit Treatment or Equipment. The FBI instructs online users to be cautious of sellers of products claiming to prevent, treat, diagnose, or cure COVID-19. The FBI is seeing emails selling counterfeit sanitizing products, respirator masks, goggles, face shields, protective gowns and gloves. More information on unapproved or counterfeit personal protective equipment may be found on this CDC webpage.
Business Email Compromise. The FBI’s 2019 Internet Crime Report announced that in 2019, the Internet Crime Complaint Center received 23,775 business email compromise complaints with adjusted losses of over $1.7 billion. See the FBI’s summary report here. Business email compromise involves fraudsters targeting businesses and individuals performing transfer of funds. With so many in America working remotely at home offices and deals closing virtually, fraudsters recognize the opportunities presented by social distancing in the work environment.
Good Cyber Hygiene. The FBI reminds us that it is essential to use good cyber hygiene. Do not click attachments or links from senders who you do not recognize. Do not provide usernames or passwords in response to an email to confirm information in an email that may be from a scammer or robo-emailer. Manually type web addresses into your browsers. Title companies, law firms, and virtually every business in America conducting business by wire and fund transfers must be ultra-vigilant and aware of the risks from business email compromise. The best steps that parties can take to avoid business email compromise losses are precautionary, rather than reactive. Educate employees to double check email addresses providing wire instructions, place verification calls to business owners, and confirm the authenticity and accuracy of email instructions verbally, not by email. Companies should consult with their financial institutions and make sure that multiple steps and security protocols are in place before wires are transmitted. Companies and financial institutions of all sizes should maintain relationships with local FBI contacts, who can assist in freezing funds and tracking the fraudsters.
The new normal requires companies and individuals to be extremely vigilant online and maintain good cyber hygiene. For additional guidance on cybersecurity measures to consider in the wake of COVID-19, see Troutman Sanders’s publications, COVID-19 Warrants Modified Cybersecurity for Work-At-Home and Cybersecurity Tips to Prevent Your Business from Becoming COVID-19’s Virtual Victim. Both publications are also available through Troutman Sanders and Pepper Hamilton’s dedicated COVID-19 Resource Center, available here. The page is regularly updated with COVID-19-related news and developments, recommendations from leading health organizations, and tools that businesses can use free of charge, including an interactive map tracking state business impact.
The FBI encourages all victims of internet and online cyber crimes to file complaints with the Internet Crime Complaint Center (www.ic3.gov).