Since the early days of the pandemic, federal assistance has been available through official channels for people who are eligible. However, many fraudsters have also taken this opportunity to exploit those in need by setting up COVID phishing campaigns that target users via email, text messages, social media posts, and webpages.
A phishing scam is an attempt to trick someone into entering their personal and confidential information. These scams will often ask for the following:
- Full name
- Email address
- Phone number
- Physical address
- Social Security number*
- Age
- Employment
- Educational Level
*While most of the listed information may be online, your social security number is protected and should only ever be entered into official websites. Do not save your social security number in your internet browsers.
With this information, cyber criminals can easily access your bank accounts, your emails, and most of your personal accounts. You may then find yourself a victim of identity fraud, bankruptcy, defamation, or blackmail. Many cyber attackers also sell people’s private information on the dark web–a portion of the internet with very loose regulations and limited privacy protection.
What does a COVID phishing scam look like?
COVID-related scams will often make charitable appeals to users by citing “relief funds” that provide assistance and services to those who have been affected by the COVID-19 pandemic. This can include people facing unemployment, eviction, or those in need of rent relief and utility assistance. While you may receive plenty of legitimate resources for pandemic-based aid, it’s important to be on the lookout for certain red flags.
Such scams usually start off with basic, impersonal greetings and often have grammar and spelling errors. Most of these messages insist that you act now, putting pressure on users to give away their information by stressing urgency. Legitimate relief funds usually give a realistic window for application and give people time to gather their information. They may send out notices and reminders, but not direct calls to action. If you are being asked to enter personal, financial, or medical information immediately for assistance, the source may be fraudulent.
An example of a phishing scam. A tell-tale sign is the inclusion of a personal email address
An unprotected website asking for your social security number should not be trusted
Federal relief comes directly from the government; make sure that the link you are visiting has a URL ending in .gov, .edu, or .com that would take you to the official webpage of a credible organization. Similarly, any notices from health organizations, such as the CDC or the Houston Health Department are announced by them directly.
You can look for logos, trademarks, and disclaimers in emails that can be copied into a web search to check the legitimacy of the website. Do not click on any unfamiliar or suspicious links. By clicking on any suspicious links or responding to messages, you may leave yourself vulnerable to viruses that will automatically download onto your device.
What can you do if you’ve already been the victim of a phishing scheme?
- Change all your passwords. Make sure they aren’t similar to your previous passwords or make reference to any of your personal information. For maximum security, your password should include both upper and lowercase letters, numbers, and signs.
- Assess the accounts that have been compromised and contact the company (bank, employer, email provider, etc.) to report the scheme. Inform them of your password change and follow their instructions on how to keep your information safe. You may need to cancel your cards or create new accounts.
- Notify the three major credit reporting agencies (Transunion, Equifax, Experian) of the information breach and request free credit reports to check on the details of your credit score and record.
- Scan your computer for viruses. Anti-virus software can notify you of any corrupted or infected files. For additional assistance and peace of mind, consider hiring an expert.
Anyone can fall victim to a phishing scam, so it’s important to stay informed and track how your personal information is being used. File a report with the Federal Trade Commission (FTC) if your identity has been stolen. To help others avoid phishing scams, report the details of your experience to the FBI’s Internet Crime Complaint Center or the Anti-Phishing Working Group.
Lone Star Legal Aid is a 501(c)(3) nonprofit law firm focused on advocacy on behalf of low-income and underserved populations. Lone Star Legal Aid serves millions of people at 125% of federal poverty guidelines that reside in 72 counties in the eastern and Gulf Coast regions of Texas, and 4 counties of southwest Arkansas. Lone Star Legal Aid focuses its resources on maintaining, enhancing, and protecting income and economic stability; preserving housing; improving outcomes for children; establishing and sustaining family safety and stability, health and well‐being; and assisting populations with special vulnerabilities, including those who have disabilities, or who are elderly, homeless, or have limited English language skills. To learn more about Lone Star Legal Aid, visit our website at http://www.lonestarlegal.org.
Media contact: media@lonestarlegal.org
