Hackers are now using the frenzy around the coronavirus COVID-19 pandemic to put malware on computers to steal personal or business information. With more and more employees working from home without the protection of corporate cyber security measures, it will likely get worse quickly.
Cyber security experts are warning everyone to only click on links from trusted organizations like the Centers for Disease Control (CDC), World Health Organization (WHO), and legitimate media companies. We should expect bad actors to turn many of the ongoing scam formulas outlined below into coronavirus scams, especially given how the epidemic is affecting those over 60 years of age. The article below was published in September 2019 prior to the COVID-19 outbreak and updated March 16, 2020.
Frank Abagnale, the author of Catch Me If You Can (think Leonardo Di Caprio in the movie) has written a new book for AARP titled Scam Me If You Can. I have only read excepts from it and am not in a position to endorse it. But it might be interesting reading for those subscribed to this newsletter.
Longtime readers of LP Magazine may remember the article in March-April 2003 issue by Abagnale talking about identity theft. In his new book, he talks about various scams that people of any age can fall victim to and do. Some scams are old, some are new, and all have various versions. And, surprisingly, hundreds, if not thousands, fall victim to them every year.
The IRS Scam
Abagnale describes one of the oldest scams out there—the IRS scam. A person will receive a phone call from a very legitimate sounding person claiming they owe back taxes and must pay up immediately. He tells of one woman who was told she had been ignoring the IRS and was now guilty of international fraud. And also, that a lawsuit had been filed by the government that included an arrest warrant.
Scammer’s ways of getting payment are varied. In this example, the woman was told to go to Walgreen’s and buy gift cards totaling a certain amount, scratch off the back of each, and read them the code. As crazy as it sounds, she did it.
IRS scams continue to be popular and become more numerous around tax time. But always remember these tips pointed out by Abagnale:
- The IRS doesn’t notify people of tax issues by phone unless it is a follow-up to previously mailed correspondence.
- The IRS doesn’t accept gift cards as payment. And no other legitimate agency does, either.
- Government agencies do not make idle threats. If you have truly broken the law or owe money, they will follow due process.
- The IRS does not send out unsolicited emails or ask for detailed personal information via email.
Abagnale goes on to discuss “dating website” rip-offs. A common theme is where “Mr. Wonderful” captures a woman’s heart, then begins to “need” money, telling all sorts of tall tales. In one case Mr. Wonderful borrowed a woman’s new car. The problem is, he didn’t give it back. That is, until he was arrested.
Identity Theft
And there is always identity theft. In one case a doctor’s computer records were hacked. A five-year-old patient then started getting payment demands for product ordered from TV infomercials. I guess the scammers didn’t know that their intended victim was five.
We’ve written many times about ways to protect yourselves. I won’t re-list them all here, but there are simple ones like changing your passwords often and carefully reviewing all your statements periodically on-line. Don’t wait until month-end. And there are more involved ones like freezing your credit and putting alerts on your bank accounts. There are many more. Look them up.
The basic rule is to maintain a healthy amount of skepticism and be wary of anything threatening or that seems too good to be true. Always independently verify the identity and legitimacy of any person or agency threatening or demanding money. It’s usually a scam.
Scammers Love Gift Cards
Okay, you say, anyone would know that purchasing gift cards for payment demands is a hoax. But this form of payment is still being requested by scammers. Easy, quick, and untraceable. Here’s a recent example.
Just three weeks ago, a very good friend of mine woke up to a loud beeping sound and message on his computer screen from “Microsoft.” It said his computer was hacked, it was frozen, don’t turn the computer off, and call the number of the screen immediately. This is an old scam, but he did it. He didn’t remember the “always independently verify” rule. The “Microsoft” people on the other end of the line asked for remote access to his computer to fix the problem. He gave it to them. Once in, they told him there was an apparent problem with his bank account. He gave them access to that, too. They told him of an unrecorded transaction made eight hours earlier from a foreign country for $8,000 on a child porn site that would post in an hour. He told them he would go to his bank and stop it. They said no, it couldn’t be stopped as it was foreign based. They said only “Microsoft” could fix the problem, but they needed payment. He was told he needed to get “security cards” in a certain amount. He asked what those were, and they said, “You know, like gift cards from Walgreen’s.” That’s when he hung up.
But the fraudsters now had access to his computer and his bank account. He still had to go to the bank to change his accounts and call out his computer guru to check his systems. All because of an official looking Microsoft computer screen and a phone call—to fraudsters. It wasn’t until deeply into the conversation that the mention of gift cards sent up a read flag. By that time, the bad guys were already in his computer.
The moral to this story is that anyone can be duped by cleaver crooks. My friend is a very aware and sophisticated individual. It didn’t matter in this case. All of us are potential victims. Something may sound legitimate, but if it is unsolicited and you aren’t absolutely sure who you are communicating with, independently verify they are legitimate before you proceed.