Tired of COVID-19 news and listening to the different ways fraud actors are taking advantage of the pandemic? This feeling can be referred to as “COVID fatigue.” As our fatigue levels increase, our instincts to catch fraud decrease. Unfortunately, this creates complacency and opportunities for fraud threat groups to create new attack methods and grow their attack frequencies at an alarming rate.

Back in the spring of 2020, we saw phishing campaigns claiming to have the most recent information and statistics about the global pandemic, luring victims into clicking dishonest links or downloading malicious files. During the second wave of COVID-19, we saw campaigns built around vaccination details, urging recipients to provide personal information. 

What do you need to look out for now that we’re over a year into the pandemic? Here are some new fraud scams that businesses and employees should be aware of.

2021 fraud scams related to COVID-19

Phishing scams

Phishing emails, phone calls, and SMS messages can be potentially damaging to both you and your company. These scams work to create a false sense of urgency and are designed to trick you into performing some sort of action that can give the fraud actor access to your devices or funds. With a business, fraud actors typically aim to infiltrate the email inboxes of executives, and then request a money transfer or wire to a foreign country. Here are some recent examples of scams related to COVID-19:

• Fraud actor who impersonates a representative from a pharmaceutical company offering in-office COVID-19 vaccination kits with the intent to collect a large sum of money from the victim
• Private companies offering fast and efficient COVID-19 in-office test kits
• Representatives claiming to be from third-party companies offering to help you fill out certain applications such as the CERB or CEBA or other financial aid for businesses.

False representation

The Canadian Anti-Fraud Centre has reported many successful fraud scams, including ones where fraud actors have posed as:

• Financial institutions. These callers tend to trick their recipients into thinking they are calling from a legitimate financial service company to offer low or no interest loans, easy debt consolidation and other financial services. Businesses experiencing financial distress are especially vulnerable to these scams.
• Cleaning or heating representatives. These callers pose as individuals from cleaning or heating companies, offering top-of-the-line air filters or cleaning services to help businesses with employees working from home to combat COVID-19. With many individuals now working and spending most of their time at home, this is especially alarming.
• Public and international health agencies. These callers impersonate these agencies by calling to offer a faulty list of individuals that may be impacted by COVID-19 within the workplace.
• Canada Revenue Agency, Fraud actors will claim to be calling or sending an email from the CRA, calling to collect an outstanding amount owing, or by providing a malicious link that lures the recipient into thinking that funds are available for businesses to deposit in the form of a tax return or refund.

Spear phishing

Also called business email compromise, spear phishing is a special kind of phishing attack dangerous enough to deserve special attention. It involves emails tailored specifically to the target business. The email typically comes from a recognized email address (or one designed to trick the reader into thinking it’s a recognized address). There are several variations of this scam. Some of the most common methods include:

• The fraud actor or threat group will target financial institutions by sending a spoofed email from an existing client. The email will include instructions on completing an urgent wire transfer or external funds transfer.
• The fraud actor or threat group will send an email that appears to come from an existing employee of the targeted business. The impersonator will request updating the employee’s direct deposit details.
• The most common method of spear-phishing involves a fraud actor targeting a business by impersonating an existing vendor, supplier or wholesaler. The email will appear to come from the party with an existing relationship, requesting to update payment details before an invoice is paid. 

Quick tips for business owners to prevent fraud

As a business owner, it’s important to be on high alert to prevent fraud from happening in the first place by following a few simple steps:

1. Slow down.
2. Be knowledgeable and aware of phishing techniques.
3. Use unique and hard-to-guess passwords.
4. Understand the most common methods of attack (e-Transfer fraud, wire fraud and so on)
5. Educate your employees about recent scams and common trends.
6. Know where to report suspicious emails—set up an easy to remember email address for your employees to report them.
7. Offer fraud training awareness to all employees and update it on an annual basis.