After reading the headline, you might wonder about what I am going to tell you next. I am going to tell you that you can be robbed in broad daylight without even a trace during this pandemic if you do not live by the old adage ‘think before leap’.
It was estimated that global financial crime activities represent around 3.5%-5.0% of global GDP. It is a lucrative business venture even though these activities are unlawful.
COVID-19 provides another business opportunity for criminals to exploit the ordinary people like us to make profits. However, lack of awareness among public is the most concerning vulnerability we have on our hands.
There are various financial crime risks such as social engineering techniques, identity theft, fraudulent employment schemes, fundraising for false charities and fraudulent medical scams are few of many ways to exploit you during this unprecedented time.
I would like to run you through seven ways in which you can be robbed or exploited during this crisis.
Phishing, Vishing, Pharming and Smishing
A set of catchy words are not that catchy when you understand the meanings of those. These are common social engineering techniques, i.e. the ways in which fraudsters manipulate you to get information they need. These are normally receiving to your e-mail, facebook, twitter, Instagram or even for your tinder account with a sense of urgency. A tip would be to identify these scams at first sight is they are desperate for a click or response from you immediately.
If you have not clicked or responded within a short time period, it is most likely for them to follow you up till a response.
Phishing
Phishing is the most popular method of compromising your sensitive information. Sensitive information may consist of your banking details, social security details, national identity card (NIC) number, credit card details or even your sexual preferences.
Usual practice of criminals is to send you a link to prompt you to click, showing a sense of urgency. A click will direct you to a page which designed to input your personal details such as name, date of birth, credit card details, passwords and other sensitive information to claim a benefit. This could lead to an identity fraud.
In the UK alone, 2,192 phishing attempts reported linked to COVID-19 as of beginning of the pandemic.
Pharming
Pharming is where fraudsters install a virus or Trojan on your computer to redirect the traffic to a fake site. A particular form of pharming is where the fraudster poisons a DNS (Domain Name Server: computer server that contains a database of public IP addresses and their associated host names) causing users inadvertently visit a fake site and prompt visitors to provide information. Usually the fake site mimics the original site.
This is a major challenge for banks, and ecommerce sites. Especially in a time of a people increasingly moving to online platforms.
Vishing
Vishing is using telephone calls to steal your sensitive details. Usually criminals pretend as your bank or financial institution and gather information such as credit card details. With modern technology features such as caller ID, spoofing and automated systems (IVR—Interactive Voice Response) makes it difficult to trace the criminals as well. The criminals also use this information to set up new accounts.
Smishing
Smishing is use of SMS (Short Messages Services) for fraudulent activities. Usually fraudster sends an SMS with a link or phone number. Usually these messages send using fake phone numbers instead of actual phone numbers.
The phone number usually has an automated voice response system. Smishing also lure you to respond immediately. The best advice is NOT to respond to these messages.
An example for this reported from the UK where a text was sent to people saying they have been fined GBP 250 for leaving their home more than once during lockdown. To get more information, they have provided a link.
Usual best practices to avoid these scams are to be vigilant about before providing details such as checking credibility of links. Usually secure URLs begin with https rather than http. Using anti-virus program in your computer also helps. Furthermore, verifying recipient is key to avoid these scams.
We need to keep in mind that banks and reputed financial institutions are unlikely to request your passwords, pin numbers via telephone or via email.
In case of an incident, reporting the incident to authorities is crucial in managing these situations effectively, trace criminals and prevent further damages.
Fraudulent Charities
This is an inherent issue in Sri Lanka. However, we should be vigilant about these scams. Especially aftermath of the pandemic. Many people lost their jobs or reduced their income during this period and we can observe a surge in unregistered charities conducting relief measures.
The main risk with unregistered charities is they lack reporting requirements. Therefore, it is easy to misappropriate the funds and disappear without a trace. Another risk is COVID-19 provides a perfect opportunity for terrorist groups to collect money without much scrutiny in the guise of charity.
In case you donate money through online platforms, be careful about domain names. Usually non-profit organizations use .org domain rather than .com or .net domain.
Therefore, we should be vigilant about these scams in the wake of COVID-19.
An example for this was reported in the UK where a fraudster asking for donations to help the NHS (National Health Service) fight COVID-19.
Fake Cures
You may have already come across products in local markets at least one time which claim to be a cure for COVID-19. However, there is no legitimately accepted vaccine found so far which accepted treatment for COVID-19.
On 22 March 2020, US Department of Justice issued its first restraining order against a website (coronavirusmedicalkit.com) offering fraudulent COVID-19 vaccine. - Thushan Weerasuriya
Leave Comments