Main BOS Logo

As the novel coronavirus has spread across the world, it has ushered in a global health pandemic and an unimaginable tragic loss of human life. All the while, another insidious and deceptive threat has been proliferating at a rapid pace: financial fraud.

True to form, hackers and thieves routinely view crises and times of great fear and uncertainty as opportunities to ramp up their efforts. This time of COVID-19 is no different. Fraudsters have worked with remarkable speed, scope, and efficiency in the rush to capitalize on this crisis. Since the beginning of the year, the Federal Trade Commission (FTC), whose mission is to protect America’s consumers, has received over 18,000 COVID-19-related fraud reports, claiming losses of nearly $13.5 million dollars. In the first few weeks of April, the FTC received about four times as many complaints regarding identity fraud as it had in the previous three months combined.1 Just as the true scope of the virus infection rate has been hard to assess due to lack of widespread testing, many experts believe that actual fraud victims far outstrip those that report.

While some of the fraud attempts are uniquely of the COVID-19 making, such as scammers using stolen personal information to claim fiscal stimulus checks and unemployment benefits on behalf of unsuspecting Americans, many of the scams are variations of the most common types of fraud that are already out there, just with a coronavirus twist. Scammers aren’t necessarily following a new playbook, but they are exploiting the fact that fear and uncertainty make for a larger pool of vulnerable victims.

Almost all cybersecurity and fraud experts believe that increased education and awareness among the public is the single most important weapon in stopping cyber-fraud in its tracks. This means knowing what to look for and following some best practices to keep yourself safe. Typically, fraudsters aren’t exactly the stick-to-it type. It’s a numbers game for them, so if they aren’t able to lure you into a scam after a first attempt, they’ll likely move on to their next target.

So, what can you do to protect yourself? Here are a few best practices to keep in mind.

1. Regard any unexpected email with an almost universally suspicious approach, even if the email came from a friend, relative, or colleague.

Do not click on any unrecognized links or open any unfamiliar attachments. With our ever-increasing reliance on technology and email, phishing and malware have emerged as the most pervasive forms of cyber-fraud, now more common than credit card payment information theft.2 These types of attacks will typically come in the form of an email soliciting potential victims to disclose personal information or click on a malicious link that may then install malware on the individual’s computer or network and/or direct them to a fraudulent site. Many hackers spoof domain names so they look familiar at first glance, but in reality, they may have one inconspicuous difference, such as a missing letter.

If something seems off or not quite right, trust your instincts. Close the email immediately, delete it, and if it came from someone you know, check in with that person to alert them that their email may have been hacked.

2. Be especially aware of emails (though this applies to calls and texts too) that heighten your level of fear or urgency.

The novel coronavirus is just the calamity of the hour. Scammers often tailor their schemes around a current crisis and/or seasonal event, like a holiday or tax season. It’s much easier to miss a red flag or click without thinking when emotions are heightened.

As extreme as it sounds, it’s probably advisable to be suspicious of any unsolicited email you receive offering information on COVID-19, including useful statistical information on infection rates, treatments, or new cleaning products that promise to mitigate the threat of the virus. If you’re looking for helpful information to stay informed, it’s always best to navigate directly to a website from your browser instead of clicking on a link.

The inverse of drumming-up fear holds true as well. Fraudsters may play to people’s heartstrings with all manner of emotional human-interest stories and solicitations for charitable donations. Always verify any charitable organization’s authenticity before making a donation and never donate in cash, with a debit card, or via wire. Credit cards and checks are generally safer.

3. Adhere to strong password principles.

The world’s most common password is still “123456,” and the notorious data breach of Equifax in 2017 that exposed the personal information of more than 147 million Americans was a result of scammers cracking the unbelievably sophisticated password of “admin.” As tempting as it might be for ease of use, do not duplicate passwords across accounts. Password managers can help store more complex and unique passwords, so you don’t have to remember them by heart.

4. Enable multifactor authentication for all logins.

This type of authentication requires two or more pieces of information from a user to prove their identity — typically a password and another factor. Common types of multifactor authentication include SMS-based verification (text), email-based verification, and two-step, push-based verification, which is used widely by both Google and Apple across their suite of products. Two-factor authentication (also known as 2FA), which is a subset of multifactor authentication, may also use two different “knowledge” factors (things a user knows) like a password and a “secret question” answer to verify the user’s identity. Many times, multifactor authentication is disabled by default, so you may need to alter your security settings to opt in.

5. Make sure your operating system, browser, and antivirus and anti-malware software have the latest software updates.

If possible, allow for automatic updates to ensure you always have the most recent version. Companies are continually adding new and enhanced security to their products to keep up with the speed in which hackers evolve.

6. Be vigilant of the next frontier.

While phishing and malware are the top cyber scams de jour, hackers are now increasingly targeting us on our mobile devices as they become more and more central to our lives. Not only do our phones feature prominently in current authentication methods, the “Internet of Things” has rendered our phones the command centers for everything from household appliances, security alarm systems, thermostats, and even our cars. Making sure you bring as much awareness to your mobile activity that you do when using your other devices is essential in this increasingly mobile world.


1. Paul Witt, “COVID-19 scam reports, by the numbers,” Federal Trade Commission, April 15, 2020,

2. Danny Palmer, “Ransomware is now the biggest online menace you need to worry about – here’s why,” ZDNet, April 22, 2020,

Additional Sources of Information:

Federal Trade Commission: Consumer information and best practices to stay safe online.

Federal Trade Commission: Scam alerts and information on current scams and fraud reports.

World Health Organization (WHO): Cybersecurity and how to prevent phishing.

Cybersecurity and Infrastructure Security Agency (CISA): Defending against COVID-19 cyber scams.

Filed under: Cybersecurity

back to all posts

Get B|O|S Perspectives
in Your Inbox