COVID SCAM UPDATE – Warnings Continue for Vaccine and Stimulus Payment Scams

Warnings about COVID vaccine scams continue from government agencies and private cyber-security professionals.

The latest warning comes from the Federal Trade Commission (FTC) about a scam COVID vaccine survey. The FTC says that it has been receiving reports of people receiving emails and text messages asking them to complete a limited-time survey about the COVID vaccine in exchange for a free reward. To receive the reward, the potential victim is asked to pay shipping fees. The emails/texts are phishing ploys to collect your personal information.

Others have noted an increase in offerings on the dark web of products such as fake “vaccine passports” for $250, fake negative COVID-19 test results for as little as $25, and vaccines from AstraZeneca, Sputnik (the COVID-19 vaccine developed in Russia), SINOPHARM (the COVID-19 vaccine developed in China), and Johnson and Johnson for between $500 to $1000 per dose.

Checkpoint Software Technologies purchased a vaccine for $750 in Bitcoin. The “vendor” claimed that it shipped the vaccine, then the vendor disappeared off of the internet. Checkpoint analysts view such sales more as scams to steal your money rather that vendors acquiring actual vaccines, either through purchases or theft, to sell.

While this activity was found on the dark web, it does point out the potential for scammers to contact anxious citizens who are eager to receive the vaccine, or who may seek falsified documentation of being vaccinated or of receiving a negative COVID-19 test. Throughout the pandemic agencies such as the FTC have been reporting that scammers have been contacting people via email, text, phone, or web advertising offering miracle COVID cures, or help, for a fee, to receive a test or vaccine.

The Centers for Disease Control and Prevention (CDC) reminds everyone that COVID-19 vaccines are free and that COVID-19 vaccine providers cannot,

 

·         Charge you for the vaccine.

·         Charge you directly for any administration fees, copays, or co-insurance.

·         Deny a vaccination to anyone who does not have health insurance coverage, is underinsured, or is out of network.

·         Charge an office visit or other fee to the recipient if the only service provided is a COVID-19 vaccination.

·         Require additional services in order for a person to receive a COVID-19 vaccine.

 

The FTC is also warning citizens that with the latest round of stimulus payments, scammers are trying to get you to pay to receive your payment or to receive your payment early. Remember,

 

1.      The government will not ask you to pay anything for your stimulus payment.

2.      The government will not ask you for your SSN, bank account or credit card number.

3.      Only scammers tell you to pay by money transfer, gift card, or cryptocurrency.

 

 

 

Federal Trade Commission:

https://www.consumer.ftc.gov/blog/2021/03/ignore-bogus-covid-vaccine-survey

 

https://www.consumer.ftc.gov/media/avoid-covid-19-stimulus-payment-scams

 

Report scams to www.ReportFraud.ftc.gov.

 

For more information on Coronavirus scams go to www.FTC.gov/coronavirus

 

KIRO TV News:

https://www.kiro7.com/news/local/surge-covid-19-vaccine-related-scams-security-experts-warn/XRJIE5FVFNCK5CZ35TPYQDDKOE/

 

Check Point Software Technologies:

https://blog.checkpoint.com/2021/03/22/a-passport-to-freedom-fake-covid-19-test-results-and-vaccination-certificates-offered-on-darknet-and-hacking-forums/

Centers for Disease Control and Prevention (CDC):

https://www.cdc.gov/coronavirus/2019-ncov/vaccines/faq.html

 

FBI – Internet Crime Complaint Center (IC3) Annual Internet Crime Report

Since 2000, the FBI’s Internet Crime Complaint Center (IC3) has been collecting complaints from victims of internet crime through its website, www.ic3.gov.  The complaints are used build a database that the FBI, as well as state and local law enforcement agencies, can use in their investigations. IC3 analyses complaint data and refers data on specific internet crimes to local, state, federal and international law enforcement agencies for potential investigations. It also issues alerts to the public about internet crime trends.

Since its inception, IC3 has received over 5.6 million complaints. Over the last five years, it has received an average of 440,000 complaints per year for a total loss of $13.3 billion.

IC3 recently issued its 2020 Annual Internet Crime Report. Among its findings,

Washington State is in the top 10 states by numbers of victims with 17,229 victims for a loss of over $88 million.

COVID-19. Scammers and fraudsters took full advantage of the COVID-19 pandemic. IC3 received over 28,500 COVID-19 complaints in 2020. Most complaints related to the Coronavirus Aid, Relief, and Economic Security Act (CARES Act) involving grant fraud, loan fraud, and phishing for Personally Identifiable Information (PII). Fraudsters also targeted unemployment insurance, the Paycheck Protection Program (PPP) loans, and Small Business Economic Injury Disaster Loans.

Impersonation scammers have been using the pandemic as they contact victims through social media, emails, and phone calls to gather personal information or collect money through charades or threats.

With the distribution of COVID-19 vaccines, scammers have charged people to receive the vaccine or put them on vaccine waiting or early access lists. Fraudulent advertisements for vaccines have shown up on social media, email, telephone calls, and online.

Business Email Compromise (BEC). In 2020, the IC3 received 19,369 Business Email Compromise (BEC) and Email Account Compromise (EAC) complaints with losses of over $1.8 billion. BEC/EAC scams target businesses and individuals who perform transfers of funds. The scams are carried out when business email accounts are compromised through social engineering or computer intrusion techniques to intercept or generate unauthorized transfers of funds.

The report points out that BEC/EAC schemes have evolved, starting out in 2013 with hacking or spoofing email accounts of chief executive or chief financial officers, then sending fraudulent emails requesting wire payments be sent to fraudulent accounts. In recent years, the scam has expanded to include compromise of personal emails, compromise of vendor emails, spoofed lawyer email accounts, requests for W-2 information, the targeting of the real estate sector, and fraudulent requests for large amounts of gift cards.

In 2020, there has been an increase in BEC/EAC for identity theft and converting funds to cryptocurrency. An initial victim might be scammed in non-BEC/EAC situations including Extortion, Tech Support, Romance scams, etc., where a victim provides a form of ID to a scammer. Then that information is used to establish a bank account that is used to receive stolen BEC/EAC funds which is then transferred to a cryptocurrency account.  

Tech Support Fraud. While the pandemic caused a brief slowdown, IC3 continued to see an increase in incidences and losses to Tech Support Fraud. In 2020, IC3 received 15,421 complaints about Tech Support Fraud with losses amounting to over $146 million, a 171 percent increase over 2019.

Criminals may pose as support or service representatives to claim to provide customer, security, or technical support, offering to resolve a compromised email or bank account, a virus on a computer, or a software license renewal. The crooks might claim to be from a computer company, financial institution, utility company, or virtual currency exchange. Many victims report being directed to make wire transfers to overseas accounts or purchase large amounts of prepaid cards.

66 percent of the victims are over 60 years of age and experience at least 84 percent of the losses (over $116 million).  

For information on how to avoid Tech Support Fraud check out this IC3 public service announcement- https://www.ic3.gov/Media/Y2018/PSA180328.

Ransomware. Criminals will find a way to insert malware that encrypts a computer’s or a computer network’s data making it unusable to the user. They then demand payment to unlock the data, hence the name ransomware. In 2020, IC3 received 2,474 complaints about ransomware with losses of over $29.1 million.

The three major methods of inserting ransomware are,

 

            Email phishing- Inserting the ransomware through a link or attached file in an email.

            Remote Desktop Protocol (RDP). RDP allows people to control a computer’s resources and data over the internet. Cyber criminals will gain access to the RDP protocol then insert the ransomware.

            Software vulnerabilities. Cyber criminals take advantage of security weaknesses in software or operating systems to insert their ransomware.

 

The Cybersecurity & Infrastructure Security Agency (CISA) has become concerned that ransomware is becoming a growing internet security threat to organizations and individuals. For information on protecting your organization and yourself from ransomware checkout this CISA link- https://www.cisa.gov/ransomware

 

IC3 Internet Crime Report 2020:

https://www.ic3.gov/Media/PDF/AnnualReport/2020_IC3Report.pdf

 

IC3 Internet Crime Report 2020, Washington State Data:

https://www.ic3.gov/Media/PDF/AnnualReport/2020State/StateReport.aspx#?s=54

 

 

UNEMPLOYMENT SCAM – Scammers Use Text Messages and Social Media

The Washington State Employment Security Department (ESD) says it has received reports of text messages claiming to be from Washington eServices inviting you to click on a link.

The text message says that your eServices account needs your “immediate” attention (misspelling the word immediate).

ESD notes that it will not ask for information on social media such as Facebook, Twitter, Linkedin, Instagram, etc. Apparently, it has received reports of scammers making realistic looking Facebook pages for state agencies. The scammers lead claimants to emails or web pages that ask for private, secure information.

ESD also will not ask for,

·         Credit card or bank account information.

·         The Social Security numbers for your family members.

·         Gift cards or to make payments over the phone.

·         Your account login/password or access to eServices.

·         Your Social Security number over email. They will ask for it over the phone and on eServices. If you do not want to give your full Social Security number, ESD will accept your last 4 digits.

 

ESD recommends that you,

·         Be careful of fake ESD websites. ESD official websites include ESD: esd.wa.gov, ESD eServices: secure.esd.wa.gov and WorkSource: WorkSourceWA.com.

·         Be aware of the current known scams.

·         Remember that applying for unemployment benefits is free. ESD will not charge you to apply for your unemployment benefits.

·         Do not respond to text messages asking for information for your unemployment claim. ESD does not correspond via text message.

 

 

 

 

 

Seattle Times:

https://www.seattletimes.com/seattle-news/crime/dont-click-on-it-unemployment-scams-flooding-text-and-social-media-in-washington-state/

 

Employment Security Department:

https://esd.wa.gov/unemployment/unemployment-scams

https://twitter.com/ESDwaWorks/status/1367527909964066816?s=20

 

 

 

FAKE GOLD SCAM – The Annual Scam Migration Has Arrived in the Puget Sound Region

Last night, KIRO TV News reported the first sightings of fake gold scammers in the south Sound area in Federal Way and Tumwater for 2021.

In Federal Way a new SUV, with Tennessee license plates and a well-dressed man with a family offered a man a gold looking ring off of his finger for cash. The man claimed that he needed gas money.

Over the past two months, the Royal Canadian Mounted Police (RCMP) in the Vancouver area has been warning about fake gold scammers. Typically, someone in a rental vehicle with out of province plates approaches a potential victim on the street, at a gas station, bus stop, or parking lot. They explain that they have come onto hard times and need cash for gas or to return home. Some of the people in Canada look like they are from the Middle East and are well dressed. They may explain that they are well off in their home country, but they have been cut off from their funds (they possibly lost their wallet). They are often in a group that look like a family with kids.

The scammers will offer to sell some gold jewelry that they are wearing for cash. They may claim that it is family heirloom jewelry, but they will let it go at a discount.

The gold, which may be stamped as 18 carat gold, usually turns out to be made of brass or copper.

If you are approached by someone offering gold jewelry in a similar fashion, walk away, make a note of the make and model of the vehicle and the license number, then call 911.  

Note: This has become an annual occurrence over the last two or three years. The scammers appear to be a roving gang or gangs that travel throughout the U.S. and Canada. Be wary of this group and let your friends, family, and neighbors know that these scammers are in town.

 

KIRO TV News:

https://www.kiro7.com/news/local/just-say-no-walk-away-fake-gold-jewelry-scammers-target-people-near-i-5-again/AYEVLPGKPVARFLCKBQUEXGXVHA/

 

In the Vancouver B.C. area,

North Shore News:

https://www.nsnews.com/local-news/north-van-rcmp-warn-of-fake-gold-scam-3469125

 

Richmond News:

https://www.richmond-news.com/local-news/rcmp-warns-of-fake-gold-for-cash-scam-in-richmond-lower-mainland-3302413

 

 

SNOHOMISH COUNTY SHERIFF’S OFFICE – Ransomware

 

The Snohomish County Sheriff’s Office has posted its latest issue of its crime prevention newsletter. This issue focuses on the growing trend in ransomware that is victimizing governments, businesses, and individuals throughout the country.

 

Snohomish County Sheriff’s Office:

https://www.snohomishcountywa.gov/ArchiveCenter/ViewFile/Item/6617