We’ve warned consumers about Coronavirus-related scams, but businesses are at risk, too. Keep your guard up against these seven B2B scams that try to exploit companies’ concerns about COVID-19. In addition to sharing this information with your employees and social networks, read on for how you can report Coronavirus scams to the FTC.
“Public health” scams
Fraudsters are sending messages that claim to be from the Centers for Disease Control and Prevention (CDC), World Health Organization (WHO), or other public health offices. They may ask for Social Security numbers, tax IDs, etc. Other variations direct you to click on a link or download a document. Remind your staff not to respond to messages like this – and definitely don’t download anything or click on links in unsolicited email. It’s the latest form of phishing aimed at stealing confidential data or installing malware on your network.
Government check scams
You’ve seen news stories about whether financial help for businesses might be available in the future. But remember that criminals read those headlines, too, and use them to make their phony pitches sound more credible. If someone calls or emails you out of the blue claiming there’s money available from a government agency if you just make an up-front payment or provide some personal information, it’s a phony. Our Checks from the government blog post offers tips on spotting those scams.
Business email scams
We’ve warned companies about frauds perpetrated via business email. For example, in a CEO scam, an employee gets a message that appears to come from a company higher-up directing the person to wire money, transfer funds, send gift card codes, etc. In reality, a con artist has spoofed the boss’ email address or phone number. Why are we renewing the call for vigilance? The economic upheaval caused by the Coronavirus has led to a flurry of unusual financial transactions – expedited orders, cancelled deals, refunds, etc. That’s why an emergency request that would have raised eyebrows in the past might not set off the same alarms now. Compounding the problem is that teleworking employees can’t walk down the hall to investigate a questionable directive. Warn your staff about these scams and give them a central in-house contact where they can verify requests they may receive.
It works like a CEO scam, but this time the call or message claims to come from a member of your technology staff asking for a password or directing the recipient to download software. These scams pose a particular problem now due to what cybercrime experts call social engineering: the dark art of manipulating human behavior to facilitate fraud. Your employees already may be distracted by changes to their routine and your tech support team is swamped. Taking advantage of this temporary “upside down-ness,” con artists may do a quick online search to glean a tidbit to really sell their story – for example, “I spoke with Fred, who said you were having a computer problem” or “The meeting has been shifted to our new teleconferencing platform. Here’s the link.” Your best defense is a workforce warned against this form of fraud. Again, an in-house source for accurate information can help protect your company.
With many businesses scrambling for supplies, it’s wise to heed warnings about websites that mimic the look of well-known online retailers. They claim to have the essentials you need, but in reality, they’re fakes that take your “order,” grab your credit card number, and run. The safer strategy is to type in URLs you know to be genuine. And before taking a chance on an unfamiliar supplier, check them out with trusted industry colleagues.
While working from home, your employees are hearing a new crop of annoying – and illegal – robocalls. It’s no surprise that fraudsters who already flout the law would try to exploit people’s COVID concerns to make a buck. Some of these tele-phonies pitch bogus test kits and sanitation supplies. Others have businesses in their sights. Curious what these calls sound like? This recording targets “small business who may be affected by the Coronavirus,” warning them to “ensure your Google listing is correctly displaying. Otherwise customers may not find you online during this time.” We’ve seen scams like this before and the call definitely isn’t from Google. Remind your staff that the only right response to an illegal robocall trying to sell something is to hang up.
The rest of us may be adjusting to new ways of working, but it’s business as usual for hackers. With more people telecommuting, hackers are hoping companies will drop their online defenses, making it easier to infiltrate data-rich networks. We have tips to help your staff maintain security when working from home. Also, the National Institute of Standards and Technology (NIST) has resources on making a safer transition to a remote workplace. A good place to start: NIST’s updated Telework Cybersecurity page. Check out NIST’s infographic, Telework Security Overview & Tip Guide. Read their recent bulletin on Security for Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Solutions. And review their advice on Navigating the Conference Call Security Highway.
The purpose of this blog and its comments section is to inform readers about Federal Trade Commission activity, and share information to help them avoid, report, and recover from fraud, scams, and bad business practices. Your thoughts, ideas, and concerns are welcome, and we encourage comments. But keep in mind, this is a moderated blog. We review all comments before they are posted, and we won’t post comments that don’t comply with our commenting policy. We expect commenters to treat each other and the blog writers with respect.
- We won’t post off-topic comments, repeated identical comments, or comments that include sales pitches or promotions.
- We won’t post comments that include vulgar messages, personal attacks by name, or offensive terms that target specific people or groups.
- We won’t post threats, defamatory statements, or suggestions or encouragement of illegal activity.
- We won’t post comments that include personal information, like Social Security numbers, account numbers, home addresses, and email addresses. To file a detailed report about a scam, go to ReportFraud.ftc.gov.
We don't edit comments to remove objectionable content, so please ensure that your comment contains none of the above. The comments posted on this blog become part of the public domain. To protect your privacy and the privacy of other people, please do not include personal information. Opinions in comments that appear in this blog belong to the individuals who expressed them. They do not belong to or represent views of the Federal Trade Commission.