Latest reports on coronavirus and business scams: Internet Scambusters #903
This week, we're launching a new feature spotlighting the latest coronavirus scams.
Because these con tricks are running way ahead of any other scams at the moment, we'll kick off this issue with our report.
But we've still got our regular Scambusters news spot this week, featuring a couple of new threats to small businesses.
Let's get started...
Fake Identities Threat to Business + Coronavirus Scams Update
Coronavirus Scam Spotlight on Government Cash Payouts
It's good news that Americans will get a cash payment as part of the government's stimulus package to boost the economy -- but don't let the scammers get their hands on it.
Online security researchers report that crooks are phoning, texting, and emailing people telling them they have to make an upfront payment to release their entitlement.
Not so. If you're asked to pay, it's 100% a scam.
And so is any message that asks you to provide your bank account details so the money can be transferred directly. Same goes for requests for Social Security numbers.
That's not to say direct deposit won't be one of the options as the money starts flowing, but that will likely happen automatically.
Although details were still sketchy at the time of writing, the stimulus payments, as they're called, will likely come from the IRS (as happened in 2008). The agency will either send out checks to home addresses they have on file, or send money direct to banks where they have your details from your 2018 tax year filing.
They won't be contacting you and it will be up to people who don't get their payment -- because of errors, oversights, or lack of contact details -- to contact the IRS. More details on this will emerge in the coming weeks.
So, don't let your impatience overrule common sense if someone offers you a shortcut to your cash.
Fake Identities Threat to Business
Now, we all know about identity theft -- where someone passes themselves off as you to steal, buy, or borrow money and goods.
But here's a new one. Scammers are perfecting a technique that enables them to create new identities of people who don't exist at all. It's called synthetic identity fraud (SIF).
They use stolen and fake data to build up a whole background of a non-existent person to buy stuff and apply for loans. Although they may not be impersonating you directly, they may use things they know about you to create their non-existent person.
The main target of the fraudsters is not the average consumer but firms, especially small businesses, who may be tricked into believing they have a new customer.
According to the US Federal Reserve, SIF is now the fastest growing financial crime in the country.
To make things worse, it's also one of the most difficult crimes to detect.
Big financial institutions are bearing the brunt of this scam -- to the tune of about $6 billion a year. But it also emphasizes the importance for anyone in business, even if you're a sole proprietor, to make sure you carefully check the identity of anyone you haven't met who signs up to do business with you, especially if they're seeking credit.
And check with your credit card payment processors to learn what they're doing to protect you from this threat, which one security analyst -- Kyle Marchini of Javelin Research -- describes as "a recipe for disaster."
Kids at Risk
Individual consumers are not immune from this scam either.
Security analysts say the main sources of Social Security numbers (SSNs) being used by the SIF crooks are those belonging to children. In a sense, these are like unused numbers, and the scammers just attach them to their fake identities.
Researchers at Carnegie Mellon University found that kids' SSNs were more than 50 times more likely to be used than those of adults for synthetic identity fraud. And the Federal Reserve estimates more than a million of these children's numbers may already have been used in this way.
This works because the big credit bureaus don't routinely keep records of kids' SSNs until they are submitted for credit purposes. To all intents and purposes, the numbers are new to them. But you can put a freeze on any attempt to use the number with the credit agencies.
Google AdSense Extortion
Our second small business scam alert this week focuses on an extortion attempt aimed at websites linked to Google's AdSense program.
Online security expert Brian Krebs reports that victims receive a message threatening to bombard ads on the victims' own sites with automated clicks.
Clicks generate revenue for a website that hosts advertisers. You click on the ad and the hosting website gets paid. It's no wonder that unscrupulous website operators in the past used software to rapidly click the ads -- until Google stepped in and stopped them.
Anyone found using automated clicks risks being thrown out of the AdSense program. Which is where the scammers come in.
They threaten to bombard sites with automated ad clicks, making it appear that the website operator is breaking the rules -- unless you pay a ransom to prevent them from doing this. Payments have to be made in untraceable Bitcoin.
Of course, as with all extortionists, the scammers won't necessarily stick to their part of the deal if you pay up. They'll come back for more.
The correct action to take is to notify Google about the threat.
The firm has set up a page dealing with sabotage events where you can learn how to respond.
That's it for this week. But don't forget to look out for more coronavirus scam updates in the coming weeks. And do your friends and family a favor by passing them our newsletter or links to scambusters.org. Stay safe!
That's all for today -- we'll see you next week.