In addition to the health risks associated with COVID-19 there are unscrupulous individuals who take advantage of peoples’ legitimate concerns about their health and welfare by attempting to commit fraud against them. Here’s some important information regarding what is happening and how you can protect yourself:
What’s going on?
Several states, including all four of the states we serve, have reported cases of the COVID-19 virus. Several state governors have also gone so far as to declare states of emergency in order to facilitate their response to this health concern. Schools have been closing and public events have been canceled. It’s scary out there. Whenever there are issues or events that trigger emotional distress or even curiosity, cybercriminals will attempt to take advantage of these topics. There have been several fraudulent emails already attempting to take advantage of this health emergency. Here are a few examples:
- An email from a spoofed news outlet claiming a cure has been found or a pandemic has been declared. A link is supplied to access an article for the victim to click to read the additional details. While the act of clicking alone may sound benign, that is enough for the cyber criminals to infect your system, steal data, or hold you hostage with ransomware.
- An email claiming to be from Human Resources or company leadership with an updated work from home policy in response to the virus. The memo is provided in an attachment that needs to be opened. The act of clicking on the attachment and opening the document could be enough in and of itself to compromise your system.
- A text message (or telephone call) from a fraudulent charity soliciting donations to find a cure or help those impacted. As with any time of crisis, people will try to create fraudulent schemes to steal money.
What do you need to do?
Pause, Inspect, Think. Emotions can run high in these situations. We want to protect ourselves. We want to protect our families. We want to protect our employment. We want to help others. Be skeptical in anything sent to you about this situation.
- Warning Signs
Text messages and correspondence containing certain red flags should alert users to a possible phishing or SMiShing attack, including:
- Grammatical errors
- Offering fantastic prizes
- Creating a sense of urgency
- Requesting personally identifiable information (PII)
- Requesting User IDs and Passwords
- Threatening with consequences
- Making demands
First Financial Bank will NEVER call, email, or text a request for your user ID and password.
Beware of Unsolicited Contact
Look at who sent the email, text message, phone call, letter, etc. to you. Is this someone that you know? If it isn’t, pause. Look closely at the sender and the content. If it isn’t something directly relevant to you, delete it.
Even Your Friends Could Get Hacked and That May Affect You
If the correspondence is from someone you know, were you expecting it? Is it something they normally send to you? If you weren’t expecting it, or it’s something out of character from them, pause. Contact the sender and confirm that it was indeed legitimate. Don’t simply REPLY to the message since that would go back to the bad guy. Create a new message using their known address.
Trash Junk Mail
If it looks like spam, simply delete it.