Criminals are leveraging fear over the COVID-19 (Coronavirus) to scam your financial institutions and consumers. By disguising themselves as a group or organization seeking financial support to help individuals or communities in need at this time. More and more of these phishing attacks are being reported, and it is important your staff and consumers know what to look for and what to do to protect themselves from giving out private information to these criminals.
These scams are being sent out through various communication channels - text messages, phone calls, and emails - and contain requests for personal or financial information, such as a card number, account number, and online banking information. The aim is to leverage this stolen information to fraudulently open a new account, either in branch or online, under your accountholder’s name.
Related News: "Coronavirus Widens the Money Mule Pool" Krebs on Security Article
With COVID-19, most organizations and individuals are facing interrupted environments and priorities at work and in our day-to-day lives, and criminals are taking full advantage. Help arm your employees and accountholders with tools and information to keep their guard up during this complicated time, so they don’t have the added stress of being hit with one of these malicious attacks.
Risk Prevention Education
To help employees and consumers thwart COVID-19 related phishing scams, offer education about what they should look for and do to protect against these crimes.
- Advise employees and consumers to never respond to or open any COVID-19 related emails or email links requesting financial or private information, unless they know the individual or initiated the request.
- Advise your employees and consumers to avoid opening unrecognized emails or email links of any kind, if it is from an unrecognized sender. Ask that they delete these kinds of suspicious emails and – if possible – report them to the FTC or and identified contact within your financial institution.
- Advise that nobody should provide personal or financial information of any kind to an incoming requestor, even if the communication looks legitimate. Look up the requestor’s contact information, and reach out to validate the request.
- In some cases, consumers are receiving calls pretending to be your financial institution. To prevent exposure, post an alert on your website and/or send a communication out to your accountholders stating that you will never reach out to them to request personal or financial information.
- In some cases, scammers pose as an individual from the health community - i.e. an individual’s health care provider - requesting financial assistance to help address the COVID-19 crisis. Warn your consumers about these emails. Advise that they reach out to the organization directly to validate any type of request, even if it is from a health organization they partner with or recognize.
- Keep an eye on the news for variations of this and other phishing crimes, to stay educated and share out relevant resource.
- Tell employees and consumers to be especially wary of direct requests from the CDC and WHO, as some phishing attacks are being disguised as emails from these organizations.
- Share additional resources with education on warning signs and prevention tactics for phishing attacks, to help your employees and consumers avoid falling prey to these schemes.
- Click here to view and share the FTC’s article on phishing scams.
Communicating to your employees and consumers about the increased risk of phishing attacks tied to COVID-19 can have a dramatic impact on reducing the risk of these crimes. Ongoing education and awareness is key to keep the fraudsters away from the credit unions and your credit union members.
Register for our Webinar: “It’s 2020: Don't Let Your Member Data Fall Into the Wrong Hands”
Stay Informed on Resources from Allied Solutions: Join our e-newsletter list!