Expert Take banner over woman looking at several computer screens

As COVID-19 continues to change throughout our daily lives, we at Ally are committed to our role as a trustworthy source of security when it comes to keeping your personal information safe. One of the ways we do that is by staying on top of trends in cyber scams and keeping you informed of the threats we’re tracking — and how to spot them.

In the past few weeks, we’ve seen a rise in cyber criminals taking advantage of the anxiety during the coronavirus outbreak and the resulting market volatility. Would-be fraudsters are looking to capitalize on vulnerable victims nationwide as much of the country is under stay-at-home orders.

In these uncertain times, I would like to emphasize the importance of staying calm, vigilant, and informed. That’s why we’ve compiled a helpful guide on these recent COVID-19 related scams, along with additional red flags that are signs of scammers, so you can stay one step ahead.

Armed with this brief, you should be better prepared and confident knowing that we have your back.

Old Scams, New Coronavirus Tricks

What we’ve seen across the market and echoed in nationwide reports from law enforcement are opportunistic and timely acts of fraud that leverage current events and details to appear official and trustworthy. Don’t fall for any of the following:

Fake CDC Emails and Coronavirus Websites

Beware of and avoid clicking links in emails claiming to be from the Centers for Disease Control and Prevention (CDC) or other organizations asserting to have information about the virus. To stay safe, be suspicious of websites and apps claiming to track COVID-19 cases worldwide. Cyber criminals are using malicious websites to infect and lock devices with malware until payment is received.

Instead, use an independent method of getting to an official website. The CDC’s website is particularly easy to remember: It’s just CDC.gov.

Phishing Emails Related to Economic Stimulus

Economic stimulus checks have been all over the news as of late, but government agencies are not sending unsolicited emails seeking personal information in order to send your payment in the mail. Coronavirus phishing emails may also claim to be related to charitable contributions, general financial relief, and airline carrier refunds.

Read more: Don’t get hooked by a phishing scam.

Counterfeit Treatments or Equipment

Scammers are also masquerading as medical professionals, selling chemical solutions and other illegitimate medicinal offers. Be wary of fake cures, vaccines, and testing kits. Anyone selling products that claim to prevent, treat, diagnose, or cure coronavirus is almost certainly a fraudster. And unfortunately, the online market is rife with counterfeit items such as sanitizing products and personal protective equipment, including N95 respirator masks, goggles, full face shields, protective gowns, and gloves. Our tip is to avoid exorbitantly priced protective equipment and purchase only from reputable online retailers or in-store where you can inspect the validity of the items.

Impersonated Communications from Financial Institutions

You may be receiving more communications from your financial institutions, as they keep you informed about any changes or relief efforts at this time. But there are also scammers out there who are impersonating those institutions and sending false messages through email, social media, and phone calls. Be especially wary if you are being asked to provide personal information or the message appears to be urgent.

You may also get messages about opening new accounts at different financial institutions. Be sure to initiate new account opens independently, by typing the financial institution’s website into a browser and contacting them through an official means.

Watch out for these common red flags.

Beyond these contemporary scams, there are age-old and often familiar tip-offs that can help you spot a fraudulent offer or claim. Remember, these scams are not only limited to the internet. Crafty criminals also use phone, text, social media, and email.

  • Look out for wire transfer email scams.
    Wire transfers have gotten a bad rap in the last few years and with good reason. They are often deceptive and remain at the center of a criminal’s attempts to defraud financial institutions and their customers. Regard any wire transfer request with skepticism.
  • Ask yourself: Does the offer sound too good to be true?
    Surprise! You’ve won a contest you don’t remember entering. You’re promised a hefty sum of money in return for using your bank account or transferring funds, often internationally. If it sounds too good to be true, it usually is.
  • Verify requests for money.
    Is your friend or family member unexpectedly traveling abroad with no notice but suddenly needs money? Confirm the validity of the story and their identity before sending any funds.
  • Smoke out shady sellers or buyers.
    When purchasing or selling a car online, you’re asked to transfer funds or pay by mail via cashier’s check or money order. Or the buyer overpays you with a check and asks you to refund the difference. Don’t get stuck with the bill: The check will bounce when you try to cash or deposit it later.

Good cybersecurity is proactive.

Taking charge and putting your house in order will go the distance and keep you out of harm’s way. Here are some good cybersecurity hygiene and security measures to practice from our team at Ally:

  • Do not open attachments or click links from unfamiliar senders.
  • Do not provide personal information to unknown websites or uninvestigated third-party messengers.
  • Always verify a web address by searching for it manually in your browser.
  • Check for spelling and grammar in texts, emails, and other correspondence.
  • Even if it’s not required, change your passwords every 90 days for all sensitive accounts.

If a caller claims to be from Ally, but you feel at all suspicious of their authenticity, hang up and call us at one of our customer service numbers, which you can find on our contact page.

Remain informed and keep cyber criminals’ hands off your money with this checklist.

Stay vigilant.

Even if your nerves are feeling a bit fried at this time, try not to worry, because your safety remains a top priority for us and with this guide, you’re more knowledgeable about red flags to look out for. Our security approach and implementations are current, layered, and thorough. We will continue to be a trustworthy resource on recognizing and stopping cybersecurity threats throughout this pandemic and beyond. We are continuing to monitor the situation and will help you stay in-the-know about any future hazards we identify. And remember, in this time of illness and worry, it’s important to stay vigilant and not surrender to the anxiety that it brings. Armed with knowledge, you are better equipped to weather the viral storm.

Check out our security center for further reading or a roundup of more cybersecurity tips to help keep you safe.


 
Speech bubble icon next to text "Expert Take"

Headshot of Keith GordonKeith Gordon is the Chief Information Security Officer at Ally Financial, responsible for establishing and maintaining the enterprise vision, strategy, and programming to ensure information assets and technologies are adequately protected. Keith has a broad background in cybersecurity intelligence, as well as technology risk, security, and fraud. Before joining Ally, Keith held numerous leadership roles in information technology and risk management at Bank of America and Capital One.

Keith is passionate about the evolution of cybersecurity in the financial industry and speaks frequently at national and local industry events, including Bloomberg’s CIO Summit and the UNCC Cybersecurity Symposium. He currently serves on the cybersecurity advisory board at Montreat College and UNC Charlotte, as well as on the boards of Sheltered Harbor, Imperva’s Customer Advisory Council, and HMG Strategy.