COVID-19 Crimes of Fraud Part Two: Target – Individuals
By TorchStone Vice President, Bill Whiteside
COVID-19 has become a perfect distraction for criminals to obtain your identity, wreak havoc on your credit score and potentially cause you additional financial hardship. Identity fraud can be called the “Invisible Crime.”
The pandemic and economic downturn have been the perfect storm for opportunistic internet identity thieves to target the individual, but these acts have been overshadowed by high profile crimes of price-gouging, insider trading and theft of funds from government entities and corporations that make the headlines as noted in Part One of this article. While the above listed crimes have been the focus of powerful state and federal departments and agencies, the theft of “your” identity by invisible thieves working behind the scenes does not garner such attention. Price-gouging, hoarding of key supplies, healthcare fraud, antitrust and anti-competitive activity, insider trading, etc., have the full legal attention in 36 states because they were triggered by declarations of emergencies, but not for individual identity fraud.
There are reports of fraudsters using stolen identities to try to obtain Coronavirus stimulus funds. Claims are filed with stolen personal identities that steal pandemic unemployment compensation checks and compromise direct deposits of unemployment benefits. Attempts to aggressively pursue and prosecute anyone perpetrating identity fraud have not been very successful.
While law enforcement’s success rate is low in identifying and stopping such criminals that prey on individuals, there are preventive steps you can take to make yourself less vulnerable to becoming a victim.
The spike in online purchases and vulnerabilities from internet commerce while people have been staying at home during the pandemic has also facilitated the rise in criminal activity online. Find an App, find a product and buy, buy, buy. Delivered in a day or two… product satisfaction and all is well again or is it. To the criminal’s advantage, this health crisis has resulted in an approximate 13-16% USA unemployment rate. This additional pressure can and has caused emotional distress and lead to impulsive buying decisions that criminals prey upon. Many criminals have moved to the target rich online buying world using stolen information to steal and ruin people’s lives. The desire of companies to sell their goods because their stores are closed has possibly reduced their timely ability to confirm if the buyer is who they appear to be.
An Experian survey found that of those questioned about COVID-19 related fraud, 33% reported doing more online shopping now than they did before; other surveys show an even higher percentage of increased online shopping. And while a spike in online shopping can be considered normal under such stay-at-home orders, the exposure to fraud increases as more and more people are sharing their personal information online.
The FBI lists the goals for identity criminals as being able to secure your social security number, date of birth, Medicare, Medicaid claim numbers, home and business addresses, birth certificate, death certificate, passport number, financial account numbers (savings, checking, CDs, money market accounts), credit cards, passwords including your mother’s maiden name, telephone numbers, etc. Criminals will use social engineering ruses such as impersonating marketers, phishing emails and the like to try and get you to divulge your personal information, thereby increasing your vulnerability to identify theft and fraud.
While we would like to believe that criminals will not be able to access our personal information, they are adept at using the internet to comb through our social media profiles and other information in the public domain to gather critical personal information here and there that allows them to commit identity theft online.
Examples of Typical Techniques Used by the Bad Guys:
Phishing: Phishing attacks use email or malicious web sites to solicit personal data that is often valuable financial and medical information. A popular ruse by these attackers may be to send an email from a seemingly legitimate credit card company or financial institution that requests account information, often suggesting that there is a problem they need to rectify. This scam still tricks victims when their guard is down, and they are focusing on other things.
Malicious Websites: There is also an increased number of hackers creating malicious websites that appear to be legitimate public health or employment resources. For example, a link will seem to direct you to a COVID-19 map of cases near you, while infecting your computer or phone with spyware—another criminal information gathering tool. There has also been a proliferation of bogus employment posts that trick people into sending money and personal information to get in on supposedly “priority” job hunting lists.
Most people think they are savvy to the ways of the identity fraudsters, but they still overlook seemingly insignificant inquiries from 3rd parties that are actually attacks on their information. Criminals try and obtain little bits of information over long periods of time to build on your identity.
Many people have been working from home as companies try to lessen the spread of the virus in traditional office buildings. Because of this, many people do not have the proper computer encryption protocols at home. Unprotected wireless security networks at home also put critical information such as client files, employee directories and other confidential information at risk.
Bad actors use any number of ways to criminally solicit information from the unsuspecting. According to Consumer Affairs the following are common scams so far in 2020:
- Fraudulent e-commerce vendors for masks, sanitizers, and test kits
- Fraudulent investment sites
- Phishing through update emails, text messages and voicemail requests
- Spoofed (fake, but made to look legitimate) government and health organization communications
- Fake vaccines or “miracle cures” to invest in
- Scam employment posts
- Phone or utilities scams
- Phony charity donation offers
With enough identifying information about an individual, a criminal can take over that individual’s identity to conduct a wide range of crimes. Examples include:
- False applications for loans and credit cards
- Fraudulent withdrawals from bank accounts, account takeovers
- Fraudulent use of telephone calling cards or online accounts, or
- Obtaining other goods or privileges
Many of these acts result in a financial loss or a negatively affected credit score, which can impact applications for car or housing loans and mortgage refinancing opportunities.
With the rapid changes being made and new supportive financial programs rolling out in response to COVID-19—including the tax due-date extension and direct stimulus payments from the Treasury Department—fraudsters continue to identify human weaknesses and manipulate the good for bad. Americans have received numerous calls from scammers posing as the IRS. Criminals have had extra time to target IRS and State tax refunds since the filing date was moved to July 15, 2020.
Stolen identity tax refund fraud involves the acquiring of a victim’s date of birth and social security number, and then filing fraudulent tax returns with the request to direct the refunds to pre-paid debit cards or bank accounts under the criminal’s control. Victims often do not realize that they have been targeted until they try to file their legitimate tax returns, or they receive a tax audit notice in the mail.
Children are also targeted because identity thieves can use a child’s social security number to establish a fraudulent “clean account.” Children have resorted to even more online gaming, and online buying during this pandemic, making them possible easy targets for gathering information on them and their parents.
Seniors are targeted most often over the telephone and through phishing scams. Criminals know that seniors are more trusting as they age and are less able to detect the fraud. Consumer Affairs also notes that identity thieves often target the recently departed with information obtained from public obituaries to access the deceased’s social security number through the Social Security Administration’s Master Death File to manipulate and obtain different death benefits. This type of fraud is called “ghosting.”
Experian has reported that the risk of fraud while shopping online is something most consumers they spoke with have taken to heart. They report that 52% of those surveyed said they were somewhat, very, or extremely worried their bank account information could be stolen while shopping online. Another 54% were at least somewhat concerned that their online shopping accounts (like Amazon) will be hacked, and 57% were at least somewhat worried that shopping online could result in a loss of personal data such as a social security number.
At the other end of the spectrum, nearly one-third (30%) of Experian respondents said they were shopping online less in-light of the COVID-19 crisis. This reduction could be the result of several factors, including economic hardship and not the desire to protect against the possibilities of fraud during this period.
Some tips to protect you with online buying and information searches:
- Always hover over links before you click to make sure the hyperlink is the same as the link-to address (destination URL)
- Be extra cautious about emails from unknown people… especially if they seem random, illogical, or unusually friendly
- Look-up a company yourself, do not let a company’s pop-up solicit you to buy, or donate money even if the company is recognizable at first glance
- Make sure that your anti-virus and anti-malware software is up to date
- Do not respond to “spam”– unsolicited emails on your computer or phone. Many times, there are promises of nice benefits in exchange for identifying data
- Be aware if you start to see your information show-up in many places online like the banners on your computer screen that seem to know about your online spending habits. Online marketers are nosier and nosier, and they sell your information to anyone
- Additionally, unsolicited emails and especially Apps can include attachments or links that if opened, install information-gathering malware
Everyone’s personally identifiable information is pure gold on the Internet. Most Americans are now aware of scams related to COVID-19, and many are being more vigilant in protecting their private data. There are smart precautions you can perform to mitigate fraud and one is to have us perform a Public Profile Vulnerability Assessment on yourself and family. We use this starting point of identifying your current publicly available information on the Internet to establish exposure and vulnerabilities. Where is your name and information listed? How visible are you? Our assessment leads to the ability to edit, suppress, or remove personal information that is circulating on the Internet and keep on-top of what is publicly disclosed in the future.
As we recover from the health and economic crises, identity thieves will remain a looming threat. Some tips have been provided to limit your exposure, but if you are a victim of identity fraud you should start by filing a report with your local police. However, you can be proactive and limit your vulnerability to these criminals. Knowing what your current internet identity footprint looks like is a first step.