Many people feel a certain level of invincibility to data breaches and online scammers, maybe because they are well-read and knowledgeable about what to look for and avoid, or maybe because they simply think they are smart enough to know a scam when they see it. While that may be true in the ordinary course, scammers have adapted to and are preying on people’s vulnerable states in the current pandemic. This is even more concerning given the vast number of people working from home, which creates additional exposure for employers.
People of all generations have resorted to video conferencing while social distancing for everything from work meetings, to online schooling, to family dinners and virtual happy hours. This last week, however, issues with Zoom’s privacy protections have come to light. The New York Attorney General asked Zoom whether the company “is taking appropriate steps to ensure users’ privacy and security.” Further, the Federal Bureau of Investigation (FBI) issued a warning against “zoom-bombing,” where hackers or trolls hijack a public video call, shouting profanities or sharing vulgar images. The FBI urged victims of “zoom-bombing” to report any incidents. The agency also provided the following tips for using video conferencing to mitigate hijacking threats:
- Do not make meetings or classrooms public. In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.
- Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people.
- Manage screensharing options. In Zoom, change screensharing to “Host Only.”
- Ensure users are using the updated version of remote access/meeting applications.
Video conferencing is not the only data concern. The Federal Trade Commission (FTC), the Food and Drug Administration (FDA), and the Department of Justice (DOJ) are working to identify, stop, and inform the public of fraudulent behavior. The FTC and FDA are jointly issuing warning letters to sellers of unapproved and misbranded products, claiming they can treat or prevent COVID-19. The DOJ is taking action to fight fraudulent websites such as those seeking to profit from the confusion and widespread fear surrounding COVID-19 and has already obtained a temporary restraining order against a website offering fraudulent coronavirus vaccines for those consumers who enter their credit card information to cover a minimal shipping fee.
Below are some tips and tricks for people to stay vigilant to protect themselves from known and emerging scams related to COVID-19, many of which come from FTC and DOJ guidance. While some may appear obvious, it does not hurt to refresh your knowledge on what to look for and pass that knowledge along to others, such as children or parents, who may be more vulnerable to scammers.
- Independently verify the identity of any company, charity, or individual that contacts you regarding COVID-19.
- Check the websites and email addresses offering information, products, or services related to COVID-19. Be aware that scammers often employ addresses that differ only slightly from those belonging to entities they are impersonating. For example, they may use “cdc.com” or “cdc.org” instead of “cdc.gov.”
- Be wary of unsolicited emails offering information, supplies, or treatment for COVID-19 or requesting your personal information for medical purposes. Legitimate health authorities will not contact the general public in this way.
- Do not click on links or open email attachments from unknown or unverified sources. Doing so could download a virus onto your computer or device.
- Scammers, and sometimes well-meaning people, share information that has not been verified. Fact-check the information before you pass it on. Visit What the U.S. Government is Doing for links to federal, state, and local government agencies.
- Make sure the anti-malware and anti-virus software on your computer is operating and up-to-date.
- Ignore offers for a COVID-19 vaccine, cure, treatment, or home test kit. Remember, if a vaccine becomes available, you will not hear about it for the first time through an email, online ad, or unsolicited sales pitch. Scammers are trying to get consumers to buy products that aren’t proven to treat or prevent COVID-19. Currently, there are no FDA-authorized home test kits for COVID-19.
- Check online reviews of any company offering COVID-19 products or supplies. Avoid companies whose customers have complained about not receiving items.
- Research any charities or crowdfunding sites soliciting donations in connection with COVID-19 before giving any donation. Remember, an organization may not be legitimate even if it uses words like “CDC” or “government” in its name or has reputable-looking seals or logos on its materials. For online resources on donating wisely, visit the FTC website.
- Be wary of any business, charity, or individual requesting payments or donations in cash, by wire transfer, gift card, or through the mail. Do not send money through any of these channels.
- Be cautious of “investment opportunities” tied to COVID-19, especially those based on claims that a small company’s products or services can help stop the virus. If you decide to invest, carefully research the investment beforehand. For information on how to avoid investment fraud, visit the U.S. Securities and Exchange Commission (SEC) website.
- You do not need to “sign up” for your stimulus check. If you filed your 2018 and/or 2019 tax return, then the government likely has the information necessary to provide you with your money. Do not provide personal information to anyone, including your Social Security number, bank and routing information, or PayPal account. If you did not use direct deposit for prior tax returns and need to set up direct deposit of your check, then contact the Internal Revenue Service (IRS), which will provide you with an online form to complete. The IRS will not request this information via email, text, or phone call. Finally, there is no “early access” to your check; anyone who says otherwise is a scammer.
- Hang up on robocalls and do not press any numbers. The recording may say that pressing a number will let you speak to a live operator or remove you from their call list, but it might lead to more robocalls instead.
More specific to Kentucky, during his daily Coronavirus briefings the week of March 30, 2020, Governor Andy Beshear specifically advised Kentuckians that law enforcement was investigating some pop-up COVID-19 labs and drive-through test sites that are requiring cash payments of $250. Although there are a few valid drive-up testing centers in Kentucky, such as one in Hazard, Kentucky, the Governor advised Kentuckians not to turn over their hard-earned cash to a drive-through testing center that cannot be verified as being sponsored by the state or by a healthcare provider.
For additional articles regarding data privacy and security, visit the Wyatt HITECH Law blog.