The COVID-19 Fraudsters are Out - and They Want Your Money

COVID Fraud Blog Header

There are many financial challenges surfacing in light of the COVID-19 pandemic. Unfortunately, one thing you may not be thinking about is fraud. Fraudsters are ramping up their activity and playing on vulnerability and fear to get your money. 

With so much COVID-19-related communication and activity, fraudsters have a wide variety of tactics - some new, some tried and true - to take advantage of you. It truly is prime time for fraudsters, who constantly shift their tactics to find new ways to prey on you and possibly separate you from your money. 

Here are the top four COVID-related fraud schemes we’re seeing - and some tips on how to minimize your chances of becoming a victim either personally or professionally.  

Check Fraud

The reality is, checks can be forged, faked or stolen quite easily by a fraudster. Their techniques include counterfeit or altered checks, closed or new account fraud, identity theft, and even theft or fraud by an insider - someone in your organization or family - or with close ties. 

One way to help prevent yourself from becoming a victim is to know what to look for with check fraud. Here is a link to more information on how to identify fraudulent check activity. You should also regularly review your checking account activity for any unauthorized transactions. 

We can consult with you on ways to protect yourself from check fraud, but two of the most common methods for businesses are to use Positive Pay and ACH Positive Pay. Positive Pay minimizes the possibility of fraud by helping protect you from fraudulently created - or altered - checks. It allows you to monitor checks processed for payment against your account and reject unauthorized transactions before losses occur. 

ACH Positive Pay helps guard your accounts from fraudulent electronic debits by blocking or flagging any ACH transactions not originated by an authorized vendor. As exceptions occur, you can either pay or return the item in question. 

Email ‘Phishing’

Phishing is the fraudulent practice of sending out emails purporting to be from a reputable company. One way email phishing works is by asking the recipient to verify personal information. In our current environment, this could be information related to receiving a government economic stimulus check. It could also target you based on things like COVID-19 testing kits, charitable contributions, or refunds for airfare or travel.

Pay particular attention to emails that claim to be from the CDC offering information about the virus. Links and attachments in those emails introduce malware onto your computer and steal personal information or demand payments from you by threatening to lock your computer if you don’t pay. 

Remember, do not open attachments or click links within emails from senders you don't recognize. And never provide your username, password, date of birth, social security number, financial data, or other personal information in response to an email, text or robocall.

Business Email Compromise (BEC)

BEC fraud occurs when a fraudster either compromises or mimics emails associated with employees, vendors or clients and uses that email to request a fraudulent wire or ACH. In some cases the fraudster will use an email address that closely resembles an employee or vendor email address. 

To help prevent BEC fraud, ensure that your anti-virus/anti-malware software is current, authenticate all new payment instructions and change requests with your vendors or clients via phone to a known contact and number, and verbally authenticate that transaction requests from employees are legitimate. 

Fraudulent Links and Email From What Looks Like Legitimate Sources

What better way for a fraudster to trick unsuspecting people than to take advantage of credible information sources to get you to click on something that infects your computer with password-stealing malware. 

In one recent scheme, a dashboard from Johns Hopkins University was being used on malicious websites. The viewer’s password could be stolen simply because they clicked on the interactive dashboard that showed the number of deaths and infections from COVID-19. 

To help protect yourself, always verify the web address of legitimate websites and manually type them into your browser. Check for misspellings or wrong domains within a link (for example, an address that should end in a ".gov" ends in “.com" instead).

One final warning as you adjust to this temporary new normal. Understandably, many people and businesses are doing more online shopping than ever. Fraudulent shopping sites are popping up everywhere. Be sure you are buying from a legitimate source. Have you bought from them before? Do they have customer reviews? Does the website appear to be brand new? Check them out before you buy. 

As a reminder, unless you initiated the contact, Enterprise will never request your personal information (e.g., account number, Social Security number, PIN, User ID or Password) through email, U.S. mail, live or automated phone call, or text message. If you receive unusual calls or emails claiming to be from Enterprise and requesting your personal or account information, do not respond and contact us immediately at 833-896-2850. If you call Enterprise, we may ask for information to verify your identity.

If you suspect or spot a scam, tell the Federal Trade Commission at www.ftc.gov/complaint. You can keep up with the latest COVID-19-related scams at www.ftc.gov/coronavirus.