How to protect your business from COVID-19 fraud threats
Learn to recognize increasingly common scams and how to avoid them.
Nota del editor: También está disponible una versión en español de esta historia.
As COVID-19 continues to lead headlines, cybercriminals are following the news and crafting schemes to exploit the fears and financial uncertainty surrounding the pandemic. Coronavirus-themed phishing attacks have skyrocketed since February. As scammers continue to target both individuals and organizations, businesses should be aware of additional fraud threats as they adapt to a more remote workforce.
“The pandemic is changing when, where, and how businesses are operating and making payments, and that’s opened the door for fraudsters to take advantage,” said Jinee Ellis, financial crimes manager for Treasury Management & Payment Solutions at Wells Fargo. “Recognizing fraud scams and knowing how to avoid them will help protect you and your business.”
“The pandemic is changing when, where, and how businesses are operating and making payments, and that’s opened the door for fraudsters to take advantage.” — Jinee Ellis, financial crimes manager for Treasury Management & Payment Solutions at Wells Fargo
For example, business email compromise, or impostor fraud, occurs when a fraudster impersonates someone trusted — such as a vendor, executive, or the IRS — and attempts to trick victims into making a payment or transferring sensitive data to them. Fraudulent emails may ask for a rushed payment or last-minute changes in payment instructions or deposit account information.
The FBI recently issued a press release warning about phishing emails and business email compromise schemes claiming to offer medical supplies, testing kits, or vaccines, citing multiple incidents in which state government agencies, attempting to procure such equipment, were duped into wiring funds to fraudulent brokers and sellers. Other phishing emails claimed to have critical information about the Paycheck Protection Program, the Economic Impact Program, and other stimulus payments.
Here are a few tips that can help keep your accounts and information secure from
common coronavirus scams.
Beware of suspicious emails, links, or calls
Phishing attacks through email and texts are designed to spoof legitimate organizations and trick users into giving up personal information to gain access to online accounts and make unauthorized transactions. They can also trick victims into clicking malicious links that can install malware or ransomware onto their device.
Be on the lookout for medical supply scams and fraudulent donation sites that may impersonate a company, charity, or government agency to convince you to make purchases or donations on spoofed websites or do business with a phony vendor. Do not click links in emails or text messages, open attachments, or install programs unless you are sure that they’re from a trusted sender.
With so many people working remotely for the first time due to the pandemic, fraudsters are also taking to impersonating technology support in order to gain account access and privileged information. Instruct your employees to be wary of incoming calls claiming to be from information technology and asking them to click on links or share account information.
Verify all payment requests and changes to payment instructions
If you receive a request to change payment details such as bank account or invoice information, verify the request using a different method of contact to make sure it’s authentic. For example, if the vendor contacts you by email, confirm the information by phone. Be sure to use the information you have for the contact on file, not the contact information in the request you received.
Monitor accounts and processes
Reconcile your accounts daily to detect suspicious activity. Most banks offer positive pay for checks and ACH payments that incorporate separate review and approvals. If you issue and print checks, make sure you have adequate controls over your physical checks and signatures, or consider using electronic payment options with digital controls. Finally, ensure any new processes are documented and audited to capture critical gaps.
We’re taking action every day to support our employees, customers, and communities during this challenging time. Read about the actions we are taking, what our strategists are saying about market volatility, how to conduct banking from the safety of your home, and more. Explore the series >