Digital attacks are at an all time high, especially due to the uncertainty today caused by the coronavirus and now the protests across the nation. From social security scams to data breaches, our personal information is becoming more vulnerable than ever.
With the looming economic uncertainty, hackers are increasingly predatory and looking to take advantage of the vulnerable–particularly senior citizens–for their own economic gain. In fact, a recent study from Verizon found that 86% of data breaches today occur for financial gains–up 15% from last year. They are preying upon vulnerabilities, like the closure of Social Security field offices during the pandemic, as well as the increased numbers of people working from home, on unprotected wireless networks. These hackers pretend to be government agencies like the Social Security Administration or IRS, and use fear-mongering techniques like threatening phishing emails and ransomware.
We outline five of the biggest attacks and trends in data security that you need to know this month, and give you the resources you need to protect yourself given today’s uncertainty and heightened cybercrime levels.
#1 Social Security Scams
One Social Security scam that has cropped up in the midst of the crisis has been a call from a supposed government representative indicating that you are eligible for an increase in your Social Security check based on your last place of employment. They ask that you ‘merely verify’ some information in order to apply for the increase. They also create a feeling of immediacy by saying that the application is due now in order to receive the higher check by the following month.
In one such recent incident, the caller proclaimed himself to be Treasury Secretary Steven Mnuchin himself calling about the beneficiary’s supposed increase.
It may sound silly when reported here, but people fall for such scams every day. Whenever you receive a request from an unknown (or strange sounding) person or institution asking for some of your personal information, remember the golden rule of scams. Do not give out any personal or financial information to someone you don’t know by internet or over the phone. If something feels off to you, it probably is.
#2 Medicare Scams
Medicare has recently been a vulnerable target for scams. Today, according to the Centers of Medicare and Medicaid Services, bogus calls to beneficiaries are common, such as offering coronavirus testing kits and protective gear (with no actual intent of delivery). Another common scam is calling and saying they need your Social Security number in order to activate or replace your Medicare card.
Once the beneficiary numbers are stolen, hackers have the ability to fill prescriptions and file claims, as well as steal their personal information.
If you need to be tested for COVID-19, contact your health-care provider directly. If someone calls claiming to be Medicare and tries to pry for your beneficiary number, you should hang up.
To protect yourself from such scams, ensure that Medicare numbers are only shared with doctors, pharmacists, insurers, and trusted healthcare providers. We recommend carefully reviewing your quarterly Medicare summary notices for bogus services which were not requested. If you believe you may be an attempted victim of Medicare fraud, you can report it by calling Medicare’s toll-free customer service center at 1-800-633-4227.
#3 Work from home vulnerability
The increased number of people working from home gives hackers the ability to attack vulnerable networks that are not backed by the security and comfort of their employers.
In a recent CrowdStrike Work Security Index survey, researchers found that 89% of remote workers find securing their home networks difficult. This vulnerability can exist across tools such as email, conference calls (such as Zoom or Skype), and file sharing (such as DropBox). They are susceptible to phishing, ransomware, and malware.
The study uncovers that most organizations have not put any security precautions and protocol in place. According to the study, 49% of employees do not use a corporate VPN (virtual private network – a way to maintain data security) to access their work. Another 39% of users do not know how their home networks are protected or encrypted.
If you are working from home and your company has not yet put security precautions in place, it may be worth raising concerns about how you and your company communications can stay protected. Using a company VPN or a personal VPN can help defend you and your data by staying within a safe network.
#4 Stimulus Check Scam
As of June 7th, 2020, this year, the Federal Trade Commission has received 66,264 complaints with $48 million in losses with an average loss per person of around $450 dollars. The scams include emails or calls with fraudulent offers, like coronavirus test kits, or the opportunity to support a bogus charity supposedly helping efforts around COVID-19.
FTC Consumer Education Specialist Colleen Trassler points out that stimulus check scams have particularly targeted senior citizens. Scammers will offer to help seniors get their stimulus checks by asking for their personal information, such as bank routing numbers or social security numbers. Bogus checks are also being sent to trick senior citizens into verifying information online or by calling into a number.
Moreover, while some Americans have indeed received their checks, others might not receive them for a few weeks or even months. Moreover, for Social Security recipients, there may be delays in receiving checks, or misunderstandings of how the stimulus checks interact with their regular Social Security benefits. This delay period and confusion gives hackers ample opportunity to target those who are waiting–so the scams around stimulus checks are likely to continue.
Remember: never give out your Social Security number or banking information by phone to anyone who you did not call. Moreover, there is no payment that you need to make or personal information you need to share in order to receive your stimulus check. Social Security benefits have not been halted due to coronavirus, and the Social Security Administration has said they are committed to maintaining regular benefits payments throughout the pandemic.
Vishing, or voice phishing, is the practice of using voice calls and text messages to pry information from you. Similar to email phishing, but hackers who use vishing create a sense of urgency to lure in victims.
During the pandemic, vishing attacks have been on the rise, especially in the form of hackers pretending to be government agencies such as Social Security or Medicare. They call in threatening to cut off benefits in order to pry personal information from you. Worse, when hackers already have some of your personal data, it is very easy for them to impersonate financial or federal institutions.
How to protect yourself from Social Security scams, stimulus check hoaxes, and other fraudulent activity
If you think you may be on a call or text with a scammer, do not engage – even to tell them you know it is a scam. Hang up, do not answer the text, don’t click the link, delete that email.
At SimplyWise, we suggest changing your passwords frequently, at least every 30-60 days. This will stop the risk of having your information stolen by malicious hackers. To check if your personal email account has been compromised, we recommend Have I Been Pwned – a free resource, created by a Microsoft Director, to assess the risk of online accounts.
We also suggest the following basic protocol to protect yourself from cyber attacks:
- Do not open emails from unknown accounts
- Ensure multi-factor authentication (MFA) is activated on all personal accounts
- Do not put personal information on your phone
- Check the sender’s email domain name
- Look at the grammatical writing of emails received – if things seem off, they probably are
- Do not provide personal information in your emails or on calls (with the exception of if you started the phone conversation and with a trusted source)
- Consider installing antivirus software on your mobile phone and computer like Bitdefender or Norton
Additionally, companies and governments have released their own guidelines in terms of dealing with security during COVID-19. Microsoft’s COVID-19 Security Guidance advises customers to enable ATP (Advanced Threat Protection) on all their products. The FBI also released an advisory public service announcement to guide and assist people.
Finally, if you think you have been the attempted victim of a stimulus check scam, you should immediately contact law enforcement. You can also report fraudulent activity to the Better Business Bureau. And you can report Social Security scams directly to the Social Security Administration’s Office of the Inspector General.
With the health pandemic, unemployment highs, and reductions in wages, these are challenging times for all Americans. Almost all citizens are facing some kind of financial uncertainty after seeing savings and investments accounts decimated. Consequently, scammers find opportunity in taking advantage of the vulnerable, including senior citizens and others on fixed or limited income.
That’s why it’s more important than ever right now to stay vigilant, know the scams that are out there, and learn how to protect yourself and your family. Navigating the web and understanding government programs like Social Security (from retirement to spousal and survivor benefits) is confusing when we’re not in the middle of a pandemic. And the coronavirus crisis itself is making life hard for all Americans today. We cannot allow these hackers to take advantage of the confusion and add to the current crisis.