03 Feb 2021

Protect Your Business From COVID-19 Scammers

We are sharing best practices to protect your business from COVID-19 scammers. Many cybercriminals see the COVID-19 pandemic as an opportunity to prey on businesses that are not protected against payment fraud. Even worse, the attacks are becoming more sophisticated with time, making it harder to recognize them. Most of the scams happening now can be classified as payment fraud.

Protecting your business from COVID-19 scammers is something everyone should be aware of. Payment fraud is any type of false or illegal transaction completed by a criminal on the internet. This includes taking a victim’s funds, personal property, interest, or sensitive information via the Internet. Your company should have a Data Breach Plan in place, we have a blog post explaining how to do that here.

protect your business from COVID scammers

Major Increase in Internet COVID-19 Scams

Ecommerce businesses rely on electronic transactions to charge customers for products and services. The increased volume of electronic transactions has also resulted in an increase in fraudulent activities. In a recent Business Wire article, they cite a new study from Juniper Research found that businesses in eCommerce, airline ticketing, money transfer, and banking services, will cumulatively lose over $200 billion to online payment fraud between 2020 and 2024; driven by the increased sophistication of fraud attempts and the rising number of attack vectors.

protect your business from COVID scammers

What types of fraud are there?

  • Social Engineering & Phishing: Any emails or websites that require personal or private information such as credit card, bank account or login credentials are prone to phishing. If the source is trusted, such as a partner with a bank, the website is trustworthy. However, if the source is unfamiliar, it could indicate an attempt at stealing information.
  • Identity theft: Identity theft exists outside of the digital realm as well, but it’s a common type of fraud online. A cybercriminal who steals personal information and uses it under false pretense is engaging in identity theft. Hackers penetrate firewalls through old security systems or by hijacking login credentials via public Wi-Fi.
  • Pagejacking: Hackers can reroute traffic from your e-commerce site by hijacking part of it and directing visitors to a different website. The unwanted site may contain potentially malicious material that hackers use to infiltrate a network security system. E-commerce business owners must be aware of any suspicious online activity in this capacity.
  • Advanced fee and wire transfer scams: Hackers target credit card users and e-commerce store owners by asking for money in advance in return for a credit card or money at a later date. 
  • Merchant identity fraud: This method involves criminals setting up a merchant account on behalf of a seemingly legitimate business and charging stolen credit cards. The hackers then vanish before the cardholders discover the fraudulent payments and reverse the transactions. When this happens, the payment facilitator is liable for the loss and any additional fees associated with credit card chargebacks.

Best Practices to Avoid COVID-19 Scams

Good cyber hygiene is critically important in the current climate to protect your business from COVID-19 scammers. There are many things you can do to stay vigilant. It’s critical to protecting your business from COVID-19 scammers. This list from Key Bank highlights easy ways to be aware of cyber activity.

  • Do not open attachments or click on links within emails or text messages from senders you don’t recognize
  • Verify the email address used to send emails, especially when using a mobile or handheld device, by ensuring the sender’s email address appears to match who it is coming from
  • Always verify the web address of legitimate websites and manually type them into your browser
  • Check for misspellings or wrong domains within a link (for example, an address that should end in a “.gov” ends in “.com” instead)
  • Be skeptical of last-minute changes in wiring instructions or recipient account information
  • Verify any changes and information via the contact on file – do not contact the vendor through the number provided in the email
  • Be skeptical of the unusual asks or activity of vendors, and ask questions:
    • Unusual payment terms (e.g., supplier asking for up-front payments or proof of payment)
    • Last-minute price changes
    • Last-minute excuses for delay in shipment (e.g., claims that the equipment was seized at port or stuck in customs)
    • Unexplained source of bulk supply

Be Aware of Red Flags

  • Apply extra due diligence to vendor identification and be conscious of the potential red flags, including:
    • If the business address does not match the purported business type (Carry-out restaurant, gas station, residence, P.O. Box)
    • Business ownership – is the firm registered in the state that it is doing business in
    • Business is newly established
    • Negative headlines in online search
    • Business is not consistent with the type of vendor they are supposed to be, i.e. medical supplies
    • Generic email addresses, such as Gmail, AOL or Yahoo 
    • Order process redirects user to an offshore site

Be Extra Diligent When Using Wires

Wires are a huge target for COVID-19 scammers. Apply extra due diligence prior to initiating a wire as wires are often irrevocable and could result in a loss to your organization.

  • Do not reply if you receive an email or text with wiring instructions.
  • Do not use or call numbers listed in emails or texts that look suspicious. Only use numbers specified in contracts.

How do COVID scams happen?

Fraudsters have become savvy at illegally obtaining information online and COVID-19 has given them even more opportunity to do it. Hackers often pose as a legitimate representative and contact credit card owners asking for sensitive information. They then use the following means of interaction to steal personal data:

  • Email
  • Texting malware to smartphones
  • Instant messaging
  • Rerouting traffic to fraudulent websites
  • Phone calls
  • Online auctions

You must be aware of how it happens in order to prevent COVID-19 scammers and fraudulent payment risk. Cybercriminals also work in teams to penetrate network security systems by looking for glitches or patches that haven’t been updated in a while. These gaps give hackers access around a firewall and make it easy to illegally obtain sensitive information.

How can e-commerce businesses avoid being scammed?

While it’s challenging to entirely eliminate the threat of COVID-19 scams for e-commerce stores, you can help prevent it by continually updating your network security systems. Firewalls and antivirus software are designed to act as a shield against hackers’ attempts to penetrate a secure network. Constantly updating software helps ensure that your sensitive business information is safe. The FTC says one way you can prevent fraudulent payment risk is to report anything you find suspicious. There’s a special link where you can report possible COVID-19 frauds

Payment fraud and all sorts of COVID-19 scammers can hurt both you and your customers. By aggressively protecting your business against fraud, you can improve your reputation and your bottom line. Diversified Insurance Group can help you tackle the issue and protect your business from COVID-19 scammers. For more information, go here.