FTC Identifies Seven Coronavirus Scams That Target Businesses – Seven B2B Coronavirus Scams That Try to Exploit Companies’ Concerns About COVID-19

Kehoe Law Firm, P.C. is making consumers and businesses aware about seven Coronavirus scams that target businesses, as reported by the Federal Trade Commission.  The FTC has identified the following B2B scams that attempt to exploit COVID-19 concerns:


Fraudsters are sending messages that claim to be from the Centers for Disease Control and Prevention (“CDC”), World Health Organization (“WHO”), or other public health offices. They may ask for such things as Social Security Account Numbers or tax IDs. Other variations direct you to click on a link or download a document. The FTC advises to remind your staff not to respond to such messages, in addition to NOT downloading anything or clicking on links within unsolicited email. It’s the latest form of phishing aimed at stealing confidential data or installing malware on your network.


Regarding news stories about whether financial help for businesses might be available in the future, please remember that criminals read those headlines and use them to make their phony pitches sound more credible. If someone randomly calls or emails claiming there is money available from a government agency if you just make an up-front payment or provide some personal information, it’s phony. The FTC’s checks from the government blog post offers tips on spotting those scams.


The FTC has warned companies about frauds perpetrated via business email. For example, in a CEO scam, an employee gets a message that appears to come from a company higher-up directing the person, for example, to wire money, transfer funds or send gift card codes.  In reality, a con artist has spoofed the boss’ email address or phone number. Why is the FTC renewing the call for vigilance? The economic upheaval caused by the Coronavirus has led to a flurry of unusual financial transactions – expedited orders, cancelled deals, refunds, etc. That’s why an emergency request that would have raised eyebrows in the past might not set off the same alarms now. Compounding the problem is that teleworking employees cannot walk down the hall to investigate a questionable directive. Warn staff about these scams and give them a central in-house contact where they can verify requests they may receive.


An I.T. scam works like a CEO scam, but this time the call or message claims to come from a member of your technology staff asking for a password or directing the recipient to download software. These scams pose a particular problem now due to what cybercrime experts call social engineering: the dark art of manipulating human behavior to facilitate fraud. Your employees already may be distracted by changes to their routine and your tech support team is swamped. Taking advantage of this temporary “upside down-ness,” con artists may do a quick online search to glean a tidbit to really sell their story – for example, “I spoke with Fred, who said you were having a computer problem” or “The meeting has been shifted to our new teleconferencing platform. Here’s the link.” Your best defense is a workforce warned against this form of fraud.


With many businesses scrambling for supplies, it’s wise to pay attention to warnings about websites that mimic the look of well-known online retailers, which claim to have the essentials you need, but, in reality, they are fakes that take your “order,” grab your credit card number, and run. The safer strategy is to type in URLs you know to be genuine. And before taking a chance on an unfamiliar supplier, check them out with trusted industry colleagues.


While working from home, employees are hearing a new crop of annoying – and illegal – robocalls. It’s no surprise that fraudsters who already flout the law would try to exploit people’s COVID concerns to make money. Some of these tele-phonies pitch bogus test kits and sanitation supplies. Others have businesses in their sights. Curious what these calls sound like? This recording targets “small business who may be affected by the Coronavirus,” warning them to “ensure your Google listing is correctly displaying. Otherwise customers may not find you online during this time.” We’ve seen scams like this before and the call definitely isn’t from Google. Remind your staff that the only right response to an illegal robocall trying to sell something is to hang up.


With more people telecommuting, hackers are hoping companies will drop their online defenses, making it easier to infiltrate data-rich networks. We have tips to help your staff maintain security when working from home. Also, the National Institute of Standards and Technology (‘NIST”) has resources on making a safer transition to a remote workplace. According to the FTC, a good place to start in this regard is NIST’s updated Telework Cybersecurity page, as well as NIST’s infographic, Telework Security Overview & Tip Guide, their recent bulletin on Security for Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Solutions,and their advice on Navigating the Conference Call Security Highway.

Source: Federal Trade Commission – FTC.gov

Kehoe Law Firm, P.C.