Fraud in the Time of COVID-19: How to Avoid Becoming a Victim

By Tom Van Hemelryck, Idaho Regional President, WaFd Bank

As the coronavirus pandemic stretches on, fraudsters are stretching themselves and working harder than ever to separate people from their money. Today’s new reality has expanded opportunities for scammers to exploit Americans by preying on their heightened anxieties around finances, health and overall uncertainties. Now more than ever, we must be on alert to avoid falling victim and adding fraud to our list of worries.

Bad actors have long targeted the banking activities of consumers and businesses for their gains, and when successful, these fraudsters can clean out accounts and leave victims with little chance of restitution. Unlike credit card fraud, where consumers’ maximum liability under federal law is $50, financial fraud and identity theft can come at significant cost and require considerable time to rectify. The best course of action to avoid fraud is to be vigilant and recognize scams as they cross your path.

Common threats repackaged under COVID-19

Most consumers know what phishing is — seemingly legitimate emails designed to get recipients to reveal personal identifying or account information. Such attempts also happen via phone (“vishing”) or via text or SMS (“smishing”). In his recent warning to Idaho residents, state attorney general Lawrence Wasden cited such tactics as a growing concern.

Emails purported to share important COVID-19 information from the Centers for Disease Control, the World Health Organization or other reputable healthcare organizations are often the work of bad actors. Clicking on links may open you up to the delivery of malware, which could compromise the security of your login credentials or payment details for certain websites. To check the validity of a link, hover over it to read the URL and look closely to ensure it is an exact match for the legitimate site. Even better, type in the legitimate website for the organization in question to check for the latest news and developments, as sites are updated regularly in the current situation.

Telephone or text message scams also persist. Many may tout that they are tracking COVID-19 in your area, and you can push a button or click a link to see if you’ve been exposed — but taking any action can open you up to fraud. No such services are in use, and it remains a best practice to ignore unknown callers or block and report them as spam.

Another tactic common among fraudsters is an account takeover, where a consumer’s personal information is used to target the victim’s banking activities. Such an attack may be made possible by data breaches that we hear about in the news. But today, some might come from information gleaned in COVID-19-related scams. For instance, you may be contacted by email or text about a stimulus check ready to deposit into your account, but you must first provide personal or account details; know that no bank or government agency would ever make that type of request. Scammers are also trying scare tactics and claiming that your bank is limiting or has security issues with deposits, so you need to provide your information immediately. A sense of urgency is a trick of a fraudster’s trade, so instead, call your bank’s customer care number or visit its website to check for any important notices. Guard your personal and account information, and only provide it in calls that you initiate with a banker you trust.

If it sounds too good to be true, it probably is.

As the number of cases of COVID-19 has grown in the U.S., fraudulent websites and products geared toward capitalizing on the crisis have multiplied. The U.S. Department of Justice has warned Americans of an increasing number of bad actors setting up websites in the name of charity to collect personal account or credit card details while raising funds for themselves or unleashing malware. Instead of donating to a new charity or an organization collecting on behalf of a well-known nonprofit, get in touch with the reputable charity directly to learn how to contribute.

Given the uncertainties around the coronavirus, fraudsters know that people want to find a solution to the current situation and fast. Online marketplaces are rife with counterfeit products, such as home vaccination or test kits, masks, hand sanitizer and other items. While scientists are rushing to find proven, effective treatments and develop a vaccine for COVID-19, the disease currently has neither given its novelty. Additionally, if mass quantities of hard-to-find items are available online, chances are high that the items are not of the quality they should be. Scammers are not only cashing in on consumers’ wishful thinking, but they’re collecting valuable financial details in the process. Claims are likely too good to be true, so avoid taking the bait.

Financial partners have a role in protecting data.

Keeping your sensitive personal — or business — information safe and secure is a team effort between you and your financial partners. While tools like firewalls and spam filters can be critical in helping to keep out fraudsters, human activity can be the weakest link in cybersecurity defenses. Consumers are bombarded with information via many channels, but it is important to remain guarded when responding or sharing any details. Among banks and other financial partners, cybersecurity education throughout the organization is paramount.

All banks are required to provide annual compliance training to educate their employees on phishing, proper password practices, secure storage of confidential information, etc. At WaFd Bank, we also have a layered defense model in place to protect customer data, and we test our employees to ensure they know how to spot common scams. On a monthly basis, the IT security team launches fake phishing campaigns urging recipients to click suspicious links or provide confidential data, and anyone falling victim receives additional security training.

Take some time to learn about your bank’s approach to cybersecurity. Start with customer-facing employees, who should be able to answer basic cybersecurity questions and help you understand common fraud risks and emerging threats. Inquire about additional layers of protection that may be available to you and your accounts. You will want to develop an understanding not only of measures used to keep your funds and information safe and secure, but what types of ongoing efforts are in place to ensure a strong culture of security and a commitment to maintaining awareness of the latest threats. And, be sure to learn what you would need to do to report instances of fraud to your financial partners, as quick action may help contain the damage.

Given that so much of our financial lives are managed via digital channels, particularly under current restrictions in place due to COVID-19, risks to consumers and business owners are ever present. No single method to cybersecurity is fail safe, but vigilance, collaboration with your banking partner, and a commitment to staying abreast of developing threats can help keep you a step ahead of scammers.

Tom Van Hemelryck is a banking industry veteran and has been in this business for more than 30 years. As Idaho regional president, Van Hemeryck oversees WaFd Bank’s commercial and retail banking at 24 locations throughout Idaho. WaFd Bank is the second largest national bank headquartered in the Pacific Northwest, with over 1,900 employees and 234 branches across eight western states.