COVID-19 Scams, Frauds and Misinformation: Do Not Let Fear and Isolation Allow You to be Phished
Last updated April 1, 2020
Since we first addressed the issue of fraud and scams that have arisen since the COVID-19 outbreak left most of us working remotely, or studying on line, or using the internet as our primary means of staying in touch with each other, our clients and others, the concerns have not diminished.
Online Classroom Compromises
The FBI has reported an increasing number of cases involving the hijacking of video-teleconferences (called “Zoom-bombing”). In the middle of a classroom lesson, malicious actors are posting pornographic images, messages of hate and threatening language.
To better safeguard any videoconference session, the FBI recommends:
Do not make meeting or classrooms public. Instead, either set a password or set up a waiting room and admit only intended participants
Do not share the link to the conference through an unrestricted public post
Restrict screen sharing to the host unless otherwise necessary
Make sure that participants are using the most recent version of the platform
Lock the meeting after all invited participants “arrive”
If Zoom is being used, be sure to apply the patches recently made available for both the Mac and Windows version.
Be sure to report all such incidents to the FBI at ic3.gov.
“Thank You’s” Delivering Malware to Healthcare Workers
Bad actors have been distributing USB drives to healthcare workers that purport to be “thank you’s” from a trusted source (e.g. your local mayor or chamber of commerce). Instead, these drives are preloaded with malware which launches when installed into your device.
Fraudulent Economic Stimulus Check Phishing Emails
Phishing emails are being sent purporting to be from the US Government to deliver your stimulus check. These emails ask you for your personal information (date of birth, social security number and the like). The government will NOT issue unsolicited emails requiring you to enter your personal information in order to send to you money.
Two malicious sites were launched in the last week seeking to lure people into clicking on links and downloading malware. The first, antivirus-covid19[.]com was taken down but as of today, the second was still live and distributing its malicious payload: corona-antivirus[.]com.
Remember: Do not click on unsolicited links or share your personal information in response to an unsolicited promise of money, gift cards or otherwise. And if you want to donate to those in need, do your own research to find the desired charity’s real site.
Fraudulent Charity Solicitations
During this time of crisis, scammers are looking to take advantage of our desire and need to connect and help people. If God forbid you have a loved one that has taken ill, if that information falls into the hands of a bad actor, you could receive a “go fund me request” purported to be from the loved one’s family.
Or a request to donate to the Red Cross fund for more face masks and gowns for medical personnel.
Before you donate to a fund, do your own research. Look up on the internet the known source, and if possible, call the known number of the purported beneficiary of the fund and/or the organization (not the number listed in the solicitation) to confirm before you provide your credit card number or click on a malicious link.
If you receive a phone call asking you for your credentials from a supposed known organization, ask the person for his/her name and title and the name of their supervisor. Then, look up the organization, call the known number and verify that such a person is so employed.
As we have been hearing in the news, federal and state governments are working to make funds available to low income households and to small business owners. The FBI warns of emails “asking you to verify your personal information in order to receive an economic stimulus check from the government.” If you are eligible for these monies, the government will NOT contact you by email and ask you to verify your credentials.
False CDC messages and apps: The FBI warns of supposed emails from the CDC. The FBI cautions “be wary of websites and apps claiming to track COVID-19 cases worldwide or in your country or state.” This tactic is being used by criminals to then release onto your device ransomware which will lock or encrypt your device until you pay the demanded money.
Other examples may purport to be refunds from recent travel you booked, or supposed cures or medicines to ward off the COVID-19 virus.
Counterfeit Treatments or Equipment
The FBI also warns of bad actors claiming to sell any “products that claim to prevent, treat, diagnose, or cure COVID-19. Be alert to counterfeit products such as sanitizing products and Personal Protective Equipment (PPE), including N95 respirator masks, goggles, full face shields, protective gowns, and gloves.”
Law Enforcement Actions Against Alleged COVID-19 Scammers
Law enforcement crackdowns on individuals peddling fake COVID-19 treatments continue. In what may be the first federal criminal case in the United States stemming from the pandemic, on Wednesday, March 25, the FBI arrested a Southern California man named Keith Lawrence Middlebrook, for perpetrating an alleged COVID-19 treatment and “cure” investment scam. As detailed in the criminal complaint, Middlebrook promised massive profits in numerous solicitations for investments in companies he called Quantum Prevention CV Inc. (QP20)—which he stated would be used to mass produce pills he claimed would prevent COVID-19 and an injectable, “patent-pending” serum that supposedly would cure COVID-19 patients within two to three days; as well as in Quantum Cure CV 2020 (QC20)—which he claimed would be used to market the supposed COVID-19 prevention pills and the injectable “cure.” In at least one investment solicitation, Middlebrook claimed that former NBA star Earvin “Magic” Johnson was a member of the board of directors; although Mr. Johnson confirmed to investigators that he knew nothing of Middlebrook’s company. Additionally, in a text message to a cooperating witness, Middlebrook asserted that “Investors who come in at ground level say $1M will parachute with $200M – $300M…Conservative Minimum.” Middlebrook also employed social media to hawk his supposed miracle cure, posting a video on his Instagram account in which he stated that he had created the cure for COVID-19, and brandished a syringe with a clear liquid while describing how his “cure” worked.
This criminal action and the other fraudulent schemes that likely will be uncovered in the days and weeks to come underscore the dire need for members of the public to take precautionary measures to protect themselves from similar COVID-19 scams. The vetted resources below should be consulted, rather than fly-by-night websites promising quick fixes.
Public Health and Law Enforcement Resources
For legitimate, verifiable information, please visit:
U.S. Food and Drug Administration website, www.fda.gov,
Environmental Protection Agency website, www.epa.gov.
If you are looking for up to date information on COVID-19, you can visit the CDC site at www.cdc.gov and www.coronavirus.gov. Do not open attachments or click links within emails from senders you don't recognize.
If you do have your identity compromised or you have fallen victim to a scam, please do the following:
Report the incident to the FBI’s Internet Crime Complaint Center at www.ic3.gov.
Report any theft to your local police department.
If your credit card was involved, contact the credit card company.
Check your credit report with Equifax, TransUnion or Experian.
If your social security number was involved: www.identitytheft.gov or call 1-877-IDTHEFT.
If a tax filing was compromised: www.IRS.gov/UAC/Identity-Protection or 1-800-908-4490.
For additional information pertaining to the coronavirus outbreak, please visit CSG's COVID-19 Resource Center.
This publication contains general information on recent legal developments and is not intended to provide legal advice for a specific situation or to create an attorney-client relationship. Attorney Advertising. Prior results do not guarantee a similar outcome.