The pandemic changed our lives and society in so many ways. As a result of COVID-19, most of us now work, go to school, worship, have medical appointments, attend funerals and weddings, and socialize, all online. If the stress of a global pandemic was not bad enough, criminals sought ways to profit from these unprecedented changes to our lives. Cyber-based crimes increased to levels never previously seen. The impact of COVID-19 on security is certainly extensive. In fact, the FBI’s (Federal Bureau of Investigation) 2020 Internet Crime Report refers to what is happening as an “Internet crime spree.”
Our increased dependency on technology is surely one contributing factor to this alarming increase. Almost 4.66 billion people were active internet users as of October 2020. The impact of COVID-19 on security is truly mind-boggling, as the following reports and headlines show:
Fight Security Fatigue
Are you feeling pandemic fatigue? The impact of COVID-19 is lasting longer than most of us expected. Consequently, the prolonged effort to contain the virus may make us feel tired or burned out from safety measures. As a result, we may become less likely to follow public health safety practices. Or we may simply begin to tune out those messages. The same can happen with how we view cybersecurity. It takes sustained effort to protect our personal information, and we may be tired of taking measures to keep it safe. In effect, we begin to experience security fatigue. However, we must remain on guard. The pandemic is providing the perfect cover for cybercrime, as can be seen in the alarming statistic from First Orion that criminals were able to get 270% more personal information in 2020 than in 2019 via vishing or phone scams.
If vishing is an unfamiliar word to you, we define it as the practice of eliciting information or attempting to influence action via the telephone. For instance, scammers may call pretending to be employees of a government agency such as the Department of Health & Human Services. Additionally, they may call pretending to be a company you do business with, like Amazon, or one that can fix your computer, such as Apple. Two specific vishing scams that show the current impact of COVID-19 on security are COVID-19 and tech support scams.
COVID-19 contact tracing and testing scams dominated 2020 and continue to do so in 2021. Of course, with vaccines now available, vaccination scams are proliferating. When scammers call, what personal information are they hoping to get? They want information such as:
- Date of birth.
- Social Security number.
- Personal health information, including Medicare and/or private health insurance information.
Bad actors can then use this information for future medical insurance or identity theft schemes. They may also ask for credit card or bank information, to cover the cost of the phony vaccination or test.
Tech Support Scams
In addition to COVID-19 vishing scams, criminals also successfully use tech support themed scams. In this scam, you get a phone call from someone claiming to be from Apple or Microsoft, saying there’s a problem with your computer that they can fix. When scammers call under this ruse, what personal information are they hoping to get? According to the Federal Trade Commission (FTC), they want such things as:
- Remote access to your computer. This gives the scammer access to all the information stored on it and any network connected to it.
- To install malware, which gives them access to your computer and sensitive information like usernames and passwords.
- Credit card information to bill you for phony services, or services that are free elsewhere.
In both of these scams, criminals use fear to create a sense of urgency, which causes you to act on impulse. Bad actors know that highly emotional states cause us to act in unsafe ways. And of course, the pandemic provides scammers with an advantage. With COVID-19, society continues to cope with unprecedented disruptions and changes, causing fear, anxiety, loneliness, uncertainty and insecurity. In a Psychology Today blog, security expert Chris Hadnagy notes, “scammers don’t care that you just lost your mom to COVID, or that you have been unemployed for six months, or that your kids are depressed from isolation. Actually, they are hoping to find you while you are experiencing the heavy emotional toll of these problems.”
The Tech Support Scam Hits Home
At the start of the pandemic in March 2020, my husband’s mother died. Coping with death and grief while navigating those early uncharted waters of a world in lockdown was difficult. It was while coping with this distressing situation that my father-in-law became the target of a vishing scam.
“Microsoft” Calls — Your Computer Has a Problem
“Microsoft” support called my father-in-law. He figured it was a scam and hung up. Several days later “Microsoft” support called again. This time my father-in-law let the call go to voicemail. “Microsoft” support left a message with a call-back number. Curious about the phone number, my father-in-law called and, to his surprise, the number went to a Microsoft store. Satisfied that the number seemed legitimate, he hung up. The scammers called again. Since the call-back phone number previously given appeared legitimate, my father-in-law answered the phone. And, as these scams go, he was told that “Microsoft” had found a problem on his computer.
We Can Fix the Problem with Remote Access
To fix the problem, the “Microsoft” tech-support employee asked for remote access to my father-in-law’s computer. Since the call-back number previously given seemed legitimate, he gave the scammer remote access. After doing so, he thought, “why did I do that?” Thankfully, in the end, no money was stolen. However, his computer crashed, creating another set of stressful problems for him to deal with during a very painful time.
We Are All Vulnerable to Scammers—Especially Now
My father-in-law’s experience brought home to me how vulnerable we all are to scammers, especially now. We are coping with a pandemic, which naturally causes feelings of uncertainty, fear, and anxiety, while at the same time navigating personal tragedies in our lives with their own set of emotions. And as Hadnagy mentioned, “scammers don’t care… they are hoping to find you while you are experiencing the heavy emotional toll of these problems.”
The impact of COVID-19 on security and society will be with us for some time. So how can we help our families and friends fight security fatigue and be prepared when the phone rings? There are a couple of things we can do. First, we can help them know how to recognize and respond to phone scams. Second, we can be supportive.
Know How to Recognize and Respond to Phone Scams
Scammers are good at what they do. So it is sometimes difficult to tell the difference between a legitimate offer or inquiry and a scam. Here are some helpful facts and tips to share with friends and family.
Tech Support Scams
As a result of the pandemic, we rely on our electronic devices as never before. So to have “Microsoft” or “Apple” call saying your computer has a problem would understandably cause fear and anxiety. However, it’s important to remember that the real Microsoft and Apple will never call to give you unsolicited technical support. Should you get a call from someone claiming to be from a reputable software company, here’s what the FTC says to do:
- If a caller says your computer has a problem, hang up.
- Don’t trust caller ID. Scammers use fake caller ID information to look like local businesses or trusted companies.
- If you get a pop-up message to call tech support, ignore it.
- Never give someone your password, and don’t give remote access to your computer to someone who contacts you unexpectedly.
If you are concerned about a computer virus or other threat, the FTC recommends calling your security software company directly, using the phone number on its website, the sales receipt, or the product packaging. And for those working from home, know who to contact within your organization for support when you have technical problems.
COVID-19 Tracing Scams
In many states, legitimate contact tracers are using text messages for the first contact. After this first contact, the Federal Communications Commission (FCC) reports that most legitimate contact tracing will take place over the phone. Legitimate contact tracers will need to verify your name, address, and birthday. They already have this information, so they will not directly ask you for it. All you need to do is confirm it. Legitimate contact tracers will never ask for:
- Insurance information,
- Bank account information,
- Credit card numbers,
- Social Security numbers, or
If the caller asks for any of the above bulleted information, hang up! It’s a scam. They are trying to steal your personal and health insurance information.
COVID-19 Testing Scams
The FCC has received reports of robocalls offering free virus test kits. One version of this scam targets higher-risk people with diabetes. The extra lure the crooks include is a free glucose monitor. But there is nothing free with these calls. Scammers are after your personal and health insurance information. The FCC gives these tips when it comes to testing offers:
- Be cautious if you’re being pressured to share any information or make a payment at once.
- Government agencies will never call you to ask for personal information or for money.
- Scammers often spoof phone numbers to trick you into answering.
- Do not respond to calls from unknown numbers, or any others that appear suspicious.
COVID-19 Vaccine Scam
As the rollout of COVID-19 vaccines gains momentum, we are seeing an increase in vaccine-related scams. Bad actors are hoping to cash in on the confusion resulting from vaccine distribution varying by state and territory. It’s important to remember that everyone living in the United States can receive a COVID-19 vaccine free. So, if you get a call about vaccination and want to know if it is legitimate, the FTC has these tips to spot a vaccine scam:
- Anyone who asks for a payment to put you on a list for the vaccine, make an appointment for you, or reserve a spot in line is a scammer.
- You can’t buy the vaccine – anywhere. The vaccine is only available at federal- and state-approved locations.
- No one from a vaccine distribution site, health care provider’s office, pharmacy, or health care payer, such as a private insurance company or Medicare, will call, text, or email you asking for your Social Security, credit card, or bank account number to sign you up to get the vaccine.
The sudden shift to living online continues to drive the increase in cyber-based crime. However, a point not to be overlooked is that the unique and uncharted situations the pandemic created have resulted in society being more emotionally vulnerable than ever before. So what can we do to emotionally support our friends and family, thereby reducing their vulnerability to scammers? These are a few ideas:
- Stay involved in your family and friends’ lives. Physical isolation due to COVID-19 has intensified feelings of loneliness, making each of us more vulnerable to scams. A phone call, video chat, or text message can go a long way toward staying connected.
- Be prepared when the phone rings. As a family, review the Slam the Scam information sheet from the National Security Agency of the Inspector General.
- Share your knowledge. If you know about a scam, tell your friends and family.
- Make yourself available. Let your friends and family know they can call you if they think they are the target of a scam.
- Report the fraud. If someone you know has become a scam victim, encourage them to report the fraud at https://reportfraud.ftc.gov/#/.
The impact of COVID-19 on security will continue in 2021. Scammers continue to actively exploit the unprecedented changes to our lives as a result of the pandemic. So share your knowledge. Help your friends and family know how to recognize and respond to phone scams. And be supportive. By doing so, we will help each other be less vulnerable.
Written by Social-Engineer