Fraud Watch – Post-Pandemic Edition
For most businesses, 2020 was a rollercoaster full of surprising twists and turns, especially as it pertained to securing financial assistance to compensate for pandemic losses.
So when Congress passed the CARES Act in March 2020, there was a collective sigh of relief as a rush of lending was unleashed under the Paycheck Protection Program (PPP). While the PPP served as an important lifeline for many businesses, it also set off a wave of confusion due to the program’s unprecedented size and breadth.
As we’ve seen in the past, available funding during a confusing time creates opportunities for scammers who are lurking around the corner. And while the PPP may have ended earlier this year, the scams certainly haven’t.
Many have written about the various attempts to scam the PPP system, but fewer have paid attention to scammers using these government programs to dupe unsuspecting victims. Here are just a few of the latest scams that fraudsters are using to take advantage of the COVID-19 pandemic.
Bridge Loan Scams
Often, it’s at the most vulnerable point where consumers fall victim to scammers. The bridge loan scheme takes advantage of the uncertainty over funding sources by acting as a business’ saving grace, while actually serving to steal a business’ money at a time when they can least afford it.
Bridge loan schemes typically target those waiting on a large loan, such as the Economic Injury Disaster Loan, which provides up to $500,000 to eligible businesses that suffered from the effects of the pandemic.
While a business awaits approval, the scammer reaches out through email, offering a “bridge loan” to help get the business through the waiting period. These bridge loans often feature high interest rates and may request money upfront in order to initiate the loan.
Of course, the loan isn’t actually a loan at all, but rather a way to dupe you into sending the scammer money or banking information.
The Small Business Administration (SBA) states that it will never initiate contact for loans or grants, so if you receive an unsolicited email claiming to be from the SBA or another government agency, consider this a major red flag. If you suspect that you may be a victim of a bridge loan scheme or have received suspicious emails, contact the SBA at 800.659.2955 or email them at [email protected].
Phishing Scams
The explosion of remote work in 2020 resulted in a parallel growth in email phishing scams, which made up the highest number of complaints last year, according to FBI statistics. These types of attacks increased in complexity and sophistication at a time when businesses are busier and more stressed than ever, making it more likely they’ll be caught unaware.
In a basic phishing scheme, the attacker sends an email purporting to be someone else, typically a government agency or other authority. The objective is to get the receiver to either click on a link loaded with malware or get them to submit personal information that can be financially exploited.
Phishing scams can take several shapes and have existed for years. But recent phishing attempts have focused on COVID-19 relief efforts, such as PPP funding or other private loan sources. Some common phishing scams may use the logo of the SBA or another government agency to lend an air of credibility.
Often, the fraudsters behind these phishing attempts will contact you while you wait for loan approval and ask for personal information, claiming it is needed for the loan application. Scammers use the information to gain banking access or install malware on your system.
In other instances, the scammer may offer you a “preapproved” loan with an unspecified interest rate. Be wary of any notices that you’re “automatically” approved for anything.
The SBA advises consumers to ensure there is an accurate application number listed on any correspondence from government agencies. Pay close attention to the sender’s email address, as any government email should come from an address ending in .gov.
Business Email Compromise Scams
Scammers aren’t just impersonating government agencies. They also might impersonate your coworkers or even your boss.
As remote work becomes a more permanent part of many people’s lives, Business Email Compromise (BEC) attacks take advantage of the frequency and fast pace of digital communication.
BEC attacks increased nearly 70% from 2019 to 2020, costing U.S. businesses $1.8 billion last year and comprising 37% of all cybercrime losses, according to the FBI Internet Crime Complaint Center. To put this into perspective, losses from ransomware, a much more high-profile cybercrime, totaled just $29 million during the same period.
In a BEC attack, the scammer sends an email appearing to be from someone in your professional network. Once the victim trusts the email, the scammer proceeds to collect personal information, such as bank accounts, under the guise of a business request.
BEC attacks come in a few different flavors. Some of the most common include:
● CEO Fraud – The attacker impersonates the CEO or another executive officer, usually to request a money transfer to an account owned by the attacker.
● False Invoice – The attacker sends a fake invoice purporting to be from a real company you commonly do business with.
● Data Theft – The attacker targets a business’ HR department to obtain personally identifiable information, such as employee tax statements.
Regardless of the type of scam, there are a few suggested rules of thumb to keep you on the safe side of a BEC attack. These include:
● Closely examining any email addresses and URLs sent from anyone—including colleagues
● Never opening an email attachment from an unfamiliar email address
● Not clicking on anything in an unsolicited email or text message requesting to update and/or verify your information
● Being careful about revealing personal details over email, such as your children’s or pets’ names, as this can provide clues to your passwords
● Verifying payment and purchase requests from the requestor before initiating
● Being wary when the requestor is pressuring you to act promptly
● Being skeptical when the requestor asks you to bypass normal channels and/or asks you to keep their request confidential
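For teams that triage reported emails, the red flags described in this article can be turned into a simple first-pass check. The sketch below is an added example, not part of the original article: the phrase patterns and the three sample messages are constructed for illustration, and it assumes single-part plain-text messages.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Illustrative patterns paraphrasing the article's red flags (assumptions, not an official list).
GOV_CLAIM = re.compile(r"\b(SBA|Small Business Administration)\b", re.I)
CONTENT_FLAGS = {
    "preapproved_offer": re.compile(r"pre-?approved|automatically approved", re.I),
    "upfront_payment": re.compile(r"(up-?front|advance) (fee|payment)", re.I),
    "urgency": re.compile(r"\b(urgent|immediately|right away|within the hour)\b", re.I),
    "secrecy_or_bypass": re.compile(r"keep (this|it) confidential|bypass", re.I),
}
APPLICATION_NUMBER = re.compile(r"application (number|no\.?|#)\s*:?\s*\d+", re.I)

def red_flags(raw_message):
    """Return the sorted names of red flags found in one plain-text email."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"
    flags = {name for name, rx in CONTENT_FLAGS.items() if rx.search(text)}
    # A message that presents itself as government mail must come from a
    # .gov address and should quote an application number.
    if GOV_CLAIM.search(display + " " + text):
        if not domain.endswith(".gov"):
            flags.add("gov_claim_not_dot_gov")
        if not APPLICATION_NUMBER.search(text):
            flags.add("no_application_number")
    return sorted(flags)

# Constructed sample messages (not real correspondence).
SAMPLE_BRIDGE = (
    "From: SBA Loan Desk <loans@sba-relief.example>\n"
    "Subject: Bridge loan while your EIDL is pending\n\n"
    "You are preapproved for a bridge loan. An upfront fee is required\n"
    "to release the funds. Reply immediately.\n")
SAMPLE_CEO = (
    "From: Pat Example <pat.example@examp1e-corp.example>\n"
    "Subject: Wire transfer\n\n"
    "I need a transfer sent right away. Keep this confidential and\n"
    "bypass the usual approval form.\n")
SAMPLE_LEGIT = (
    "From: SBA Disaster Assistance <notices@sba.gov>\n"
    "Subject: Application number 1234567890 status\n\n"
    "Your application number 1234567890 is under review.\n")

if __name__ == "__main__":
    for sample in (SAMPLE_BRIDGE, SAMPLE_CEO, SAMPLE_LEGIT):
        print(red_flags(sample))
```

The From header can be forged, so an empty result is not proof that a message is legitimate; verify payment or information requests with the requestor through a separate channel.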
During times of turmoil, scammers tend to work overtime. Stressful periods can lead even the most detail-oriented person to slip, especially for time-sensitive tasks.
By keeping up with the latest scam trends, you can stay ahead of cyber attackers with a solid defense. As always, be protective with your personal information such as passwords, and be discerning of any correspondence you receive over the internet. It’s always better to be safe than sorry.