It’s another day of the COVID-19 lockdown—day 11, 18, 43? You’ve lost count. You brew some coffee and pull out your phone, already wincing at what the day’s news might bring. But instead of headlines, the first thing you see is an email. It appears to be from Bank of America, offering you a $250,000 emergency business line of credit at 3.56%. All you have to do is complete a quick quote to get started.
You probably don’t need us to tell you this, but for the sake of your company’s future, do not click that link.
As the 2020 coronavirus pandemic rages on we are experiencing more “stress in the system.” With a rush to work-at-home arrangement and cludged together systems its a ripe time for criminals to use the situation to their advantage. They prey on our collective fears and uncertainties to steal money, obtain sensitive information, sell bogus medical products, and sow chaos and confusion. While many scams target individual consumers, some of the most devious and destructive schemes are deployed against organizations.
As a business owner, you need to be on the alert and hyper-wary of potential financial fraud. Thanks to the internet, it can happen to anyone and occur anywhere, at any time. And with billions of people stuck at home right now, cybercrime is perhaps more dangerous than ever.
It gets worse. The people we know are also under stress. And despite our best hopes, some times people do bad things when forced into difficult circumstances. Insider threats remain the number one area of concern – more on that below.
Here are just a few forms of COVID-19-related financial fraud to watch out for:
Remote Work Security Risks
Not all forms of financial fraud come from external sources. Intentionally or not, your employees could be exposing your business to significant financial risk. Their actions—and just as important, their inactions—can lead to theft, embezzlement, data breaches, and more.
Remote working arrangements can compound these risks. If your people aren’t using up-to-date software, haven’t been trained in cybersecurity fundamentals, rely on unsecure network connections, or don’t store and dispose of confidential information properly, you could be in trouble.
Your business needs to have a cybersecurity policy and infrastructure in place, with sufficient governance to enforce it and monitor your employees. Security Magazine offers the following tips:
- Educate employees about phishing and test their awareness.
- Restrict remote workers to the use of company devices.
- Ensure workers use their home networks or other secure networks.
- Limit people’s access to only what’s necessary for completing tasks.
- Make remote work as easy as possible.
- Mobilize the IT department to proactively address threats and patch software often.
- Continually monitor traffic and look out for deviations and interruptions in regular patterns.
- Limit discussion about work to private channels.
- Make sure contractors and vendors follow the same rules employees do.
- Remember that security issues are usually due to human error.
COVID-19 Phishing Emails
If someone is asking you to give your financial information via email, it’s almost certainly a scam. In fact, if anyone you don’t already know is contacting you via email, they’re likely after your money.
Don’t assume every sender is who they claim to be. Interpol warns of “emails claiming to be from national or global health authorities, with the aim of tricking victims to provide personal credentials or payment details, or to open an attachment containing malware.” Keep in mind that an authority such as the World Health Organization (WHO) or the Centers for Disease Control and Prevention (CDC) probably isn’t going to contact you via email.
Phishing messages often use fear and intimidation tactics to coerce their victims. For instance, a scam email may claim that your Social Security number has been “suspended” due to the coronavirus, or offer supposed “safety measures” in an attached PDF that contains malware or spyware.
Scammers want you to think their requests are extremely urgent. Be smart and inspect the message carefully before taking any action. As Norton points out, phishing emails usually contain suspicious-looking links, typos, grammatical errors, generic addresses (“Dear sir…”), and odd turns of phrase (“in fight against corruption in the Banking system and in pursuit to re-build a good relationship with foreigners by the President of the United States of America”).
Do you know all the signs of a phishing email? Take Google’s quiz.
Government Relief Fraud and Other Business-Facing Scams
Businesses of all sizes are feeling the pain of the COVID-19 pandemic. Fortunately, there’s government relief available. Unfortunately, there are also bad actors trying to hijack the situation.
According to the Federal Trade Commission: “If someone calls or emails you out of the blue claiming there’s money available from a government agency if you just make an up-front payment or provide some personal information, it’s a phony.” The government won’t ask for your Social Security number or bank account number. Nor will any agency ask you to pay a fee before giving you money. The government definitely doesn’t need to get paid in gift cards.
The FTC points out a few more scams business owners should be careful to avoid during the coronavirus crisis:
- business email scams—phishing attempts from people purporting to be company executives and using spoofed email addresses
- IT scams—phishing attempts from people pretending to be technology staff or providers
- supply scams—fake websites designed to look like genuine retailers’ sites
- robocall scams—automated phone calls with unsolicited offers, false warnings, and inaccurate information
Fake Cures, Medical Products, and Testing Services
This category isn’t specific to business, of course, but it bears mentioning because it’s widespread and monumentally dangerous to public health and safety.
As of this writing, there is no known cure for COVID-19. Let me repeat: there is no cure for the coronavirus. No vaccine, no antiviral, no magic solution.
Anyone who tries to sell you a pill, liquid, oil, vitamin regimen, or other product that allegedly cures or protects you against COVID-19 is a liar. At best, they’re a well-meaning kook; at worst, they’re a grifter. It’s classic snake oil salesmanship.
Also beware of any testing kit offers or pop-up coronavirus testing sites. Until tests are made more widely available in the US, any non-medical professional offering a test is probably a scammer.
Need help protecting your business during this challenging time? Talk to us. Quantive’s team of financial experts and virtual CFOs can equip you with the tools and information you need to ensure your business’s financial success—now, next month, and next year. Contact us.