Tips for Ensuring Your Nonprofit Isn’t Scammed During COVID-19

COVID-19 continues to dominate headlines—in more ways than anticipated. While cybercriminals are always looking for ways to scam victims, pandemics provide additional opportunities for fraud. As people are spending more time than ever on their smart phones, iPads, and computers for work, shopping and entertainment, cybercriminals are ramping up their activities and getting more creative with their methods of hacking unsuspecting victims.

According to the Federal Trade Commission (FTC), scammers are using COVID-19 to further target consumers and businesses alike. They’re setting up websites, contacting people by phone and email, and posting dishonest information on social media platforms. Being aware of the different types of scams out there is the first step in protecting yourself, your business and your employees. Knowing how to handle those scams can save you a great deal of headache down the road.

The following are some examples of scams linked just to COVID-19:

• Government Check Scams – Attempt to get you to make a payment in return for available business funds.
• Business Email Scams – Create dummy accounts that look like they come from a company executive asking an employee to make a financial transaction.
• IT Scams – Emails that appear to come from your tech team asking for a password or directing your employee to download infected software.
• Supply and Shopping Scams – Create fake stores, e-commerce websites, social media accounts, and email addresses claiming to sell high demand supplies like hand sanitizer and face masks. 
• Robocall Scams – Use a recording that appears to come from Google to target small businesses who may be affected by the Coronavirus, warning them to “ensure your Google listing is correctly displaying. Otherwise, customers may not find you online during this time.”
• Phishing and Malware Scams – Gain access to your computer to steal your credentials. 
  • Malware is malicious software or viruses that can be activated when you click on email attachments or install risky software.  
  • Phishing is used to convince you to share sensitive data such as passwords or credit card information by pretending to be someone you know.

Take the following precautionary measures to protect your organization and its employees from known and emerging scams:

• Independently verify the identity of any company, charity or individual that contacts you regarding any COVID-19 related content.
• Ensure you’re using reliable resources to get up-to-date information on the Coronavirus. The Centers for Disease Control and Prevention (CDC) and World Health Organization (WHO) websites are your safest sources.
• Be wary of unsolicited emails offering information, supplies, or treatment for COVID-19 as well as anyone requesting personal information. Fraudulent emails may be infected with malware designed to capture keystrokes, credentials, or payment information.
• Do not click on links or open email attachments from unknown or unverified sources.
• Make sure your anti-malware and anti-virus software programs are operating and up to date.
• Use secure login methods such as requiring multiple password authentication for remote employees.
• Secure home networks by using encryption which scrambles information sent over a wireless  connection so outsiders can’t read it.
• Never provide personal information to anyone who calls out of the blue.

With so many people working remote, hackers are looking for companies to drop their defenses, making it easier to infiltrate networks. When people are aware of what scams are out there, they are much less likely to fall for them. Talk about the risks with your management team, create a simplified outline of what to look for, and how to respond and relay to your entire staff.