From submitting disaster loan and grant applications for businesses that don’t exist, to reaping the rewards of a PPP loan to buy luxury goods and services, we’re seeing a spike in personal and workplace fraud as the pandemic persists.
Unfortunately, cybercriminals continue to profit from our vulnerabilities — and their tactics get sneakier and more sophisticated every day.
Let’s dive into some of the scams and fraud we’re seeing the most of today.
Business email compromise (BEC)
Most of us rely on email to get things done throughout our day, making a BEC scam one of the most damaging to a business. In fact, BEC scams were the most expensive cybercrime in 2020, with the FBI’s Internet Crime Complaint Center (IC3) reporting losses of approximately $1.8 billion. The fraudsters behind these scams cleverly trick victims into believing their emails are coming from a trusted, legitimate source. Here’s what a BEC might look like:
- A scammer spoofs an email account or website (with almost undetectable changes) to make it look authentic, using something like jon.doe@example.com instead of john.doe@example.com.
- Your accounts receivable department receives an email invoice from a “vendor” who has recently updated their address. These dupes often mimic a real company’s official letterhead by copying and pasting logos and other commonly identifying features.
Account takeover fraud (ATO)
Phishing — a common cyber-attack that uses deceptive emails to lure recipients to give out sensitive information or click malicious links — is just one of many ways cybercriminals gain access to personal information, like passwords and credit card numbers. Once they have access to login credentials, they can digitally break in and create any number of unauthorized transactions, wreaking financial havoc in the process.
PRO TIP: Ramp up your business account’s security by using a multi-factor authentication solution like Duo, particularly when dealing with sensitive information. These types of mobile apps allow users to verify their identities and either approve or deny login attempts.
Unemployment fraud
Since last spring, many members have experienced fraud when filing for unemployment. In many cases, the identities of these individuals were stolen, and victims were unaware of the fraud until they received notification or benefits from a government unemployment agency. Some victims learned of the fraud when they tried to file a claim online, only to find out a claim already existed under their name.
In other cases, members unknowingly (due to human error) filed an unemployment claim in a different state. Due to the lack of agency controls and the significantly increased number of applications, many of these unintentionally fraudulent claims have been approved.
PRO TIP: Make sure you’re visiting secure government websites for the appropriate state. As a reminder, unemployment filing sites won’t ask you for things like your account login or password. If you notice fraudulent activity on your account, contact your financial institution.