Introduction to Fraud Related to COVID-19
Cyber criminals are using a variety of tactics online and by phone to trick employees into revealing key information that will allow them access to secure systems.
Follow these tips to prevent fraud:
- Beware of suspicious or unsolicited emails, phone calls or texts.
- Always verify that the request is authentic before you respond, validating with the contact information you have on file and by contacting the requester independently.
- Resist being rushed into a decision.
- Fraudsters often pose as colleagues, contractors or others you already know, so be vigilant when a caller is friendly and acts as if they know you. Unless you are certain of their identity, validate first or check with your supervisor.
For more fraud prevention and cybersecurity tips, visit the Office of the Comptroller's cyber center.
Teleworking Best Practices
Cybersecurity and good teleworking practices are more important than ever. Working remotely can leave your network, data and devices more vulnerable to cyberattacks, where hackers with criminal intent can access and steal important information or cause disruptions.
Follow these tips that will protect your organization's network:
- Make sure that your Wi-Fi connections are as secure as you can make them. Using a virtual private network (VPN) alone does not assure security.
- Use unique, strong passwords that are not easy to guess for your Wi-Fi connection and other applications.
- Do not use the same password on multiple applications.
- Change your password if you have shared it with too many people outside your family.
- Do not perform work business, banking or bill paying using your device on "free" Wi‐Fi (for example, in an airport or coffee house).
- Do not plug your device into free USB charging portals or charging cables, which can be loaded with malware.
- Never provide personally identifiable information, business credentials, login or account information to gain access to "free" Wi‐Fi or any application.
- Make sure your device's operating systems, virus and malware protections are up-to-date.
Phishing schemes are an attempt to get your important personal information. It usually comes as an email, but it could also take the form of a social media post, a text, a bogus website or a phone call.
The sender or caller pretends to be a trustworthy source. In the case of COVID-19, emails may seek to collect your information by taking on the appearance of an official communication from organizations such as the Centers for Disease Control (CDC) or the World Health Organization (WHO).
Follow these tips to avoid a phishing attack:
- Always verify the sender's email address.
- Don’t click on unfamiliar links in emails from suspicious sources.
- Check for misspellings and added characters in email addresses, domain names and in the body of the email or text.
Examples of phishing could include:
- A fraudulent email containing links such as "Sign up to get your stimulus money" or "Click here to get COVID-19 statistics for your community"
- A fake bank or credit card notice regarding stimulus money
Fraud Related to the Use of CARES Federal Relief Funds
As the federal government continues to distribute economic relief to businesses, be aware of potential fraud.
Our office investigates the misuse of federal funds in Massachusetts. For instance, we could investigate a company doing business and using federal funds in Massachusetts. As another example, we could investigate an individual at a state or local agency misusing federal money that the agency received.
When federal money is involved, our office often teams up with the U.S. Attorney’s Office or, less frequently, a federal IGO.
During public health emergencies, scammers often commit fraud by issuing fake invoices for much-needed medical equipment or supplies.
Follow these tips:
- Always confirm that the invoice is from a legitimate company.
- Verify that the goods or services were received before you pay an invoice.
- Be wary of invoices submitted by email that request personal information or changes to banking information.
Price gouging is when a business raises the prices of basic necessities to unfair levels in order to make a profit, taking advantage of an emergency situation. The Massachusetts Office of the Attorney General (AGO) expanded consumer protections based on the current statewide emergency prohibiting price gouging when selling goods and services necessary for public health and safety.
The AGO has received frequent reports of inflated prices for goods and services in response to growing demand due to the COVID-19 public health emergency. The goods can include hand sanitizer, face masks and gloves, and the services can include temporary personnel.
If the unreasonably high prices of consumer goods or services have impacted your town or municipality during this public health emergency, contact the AG’s Consumer Protection Division at 617-727-8400 or file a complaint online.