As if times were not trying enough, small business owners are now being warned that COVID-19-related scams are on the rise. The Office of Inspector General, the independent body responsible for providing objective oversight of the Small Business Administration, said in March that small businesses are being targeted through grant fraud, loan fraud, and phishing. Some estimate fraud to reach $20 billion from SBA-backed programs.
According to researchers at cybersecurity firm Barracuda, 9,116 COVID-19-related phishing attacks have been detected. In January, a total of 137 were detected, and by the end of February, that number leaped to a total of 1,188 coronavirus-related spear-phishing attacks.
Here's what you need to watch out for.
How the Coronavirus SBA Scam Works:
The Better Business Bureau has received a number of reports of COVID-19 scams. They all work in a similar way.
- You receive an email, text, or call.
- You are told you've been contacted by an SBA representative or an attorney for the SBA.
- You're requested to fill in a short, simple form.
- You submit the form.
- You are approved for your loan.
- You are asked to pay a processing fee.
One of these COVID-19 Scam reports said that someone was contacted via text message, with the simple text: "2020 Emergency Fund: please reply GO."
Government agencies will never send unsolicited emails asking for private information in order to send you money.
SBA Application Number Email:
Researchers at IBM X-Force recently detected an attack similar to the SBA loan scam mentioned above.
- The recipient gets an email from the SBA.
- They are given an application number which can be used to access a “small business disaster assistance grant.”
- They are prompted to sign an attached document. The document "authorizes" a request for a tax return transcript.
- They are told to upload the document on the SBA’s website.
By clicking on the attachment, a type of remote access trojan malware is installed on the recipient's computer.
Fake Centers for Disease Control and Prevention Emails:
Along with phishing scams like the SBA scam, the FBI has also warned people against a fake CDC email scam.
If you get an email from the CDC offering more information on the virus, do not click links or open any attachments. These scams are being used to install malware on your computer. The FBI has also warned people against websites and apps that "track COVID-19 cases worldwide." These are also being used to install malware. Malware can be used to steal personal information or to lock a computer and demand money to unlock it.
Other COVID-1-related scams:
People receive an SMS text message, informing recipients that they need to take a mandatory COVID-19 test. To take the test, the recipients are asked to click on a link.
An email informs you that one of your friends, family, or colleagues have the virus and you may be at risk. The email instructs you to download and print an Excel spreadsheet to fill out. When you open the attachment you are prompted to enable the content. This final step allows a trojan downloader to install.
How to Avoid Coronavirus Scams:
Don’t respond to texts, emails or calls about checks from the government.
Ignore online offers for vaccinations and home test kits.
Hang up on robocalls.
Watch for emails claiming to be from the CDC, WHO, or SBA.
Do your homework when it comes to donations.
Don't click on attachments or links you don't recognize.
Look for a website that ends in .gov or .ca. These are safe.
Do a quick internet search when you're unsure.
Be wary of messages to you through social media.
Should I respond to emails, texts, or calls from government agencies about COVID?
According to the FTC, no. These are likely people trying to get personal info or finding ways to have aid checks redirected.
Are online coronavirus vaccine offers legit?
No. At this time there is no known vaccine for COVID-19. Online offers of vaccines are likely related to fraud.
Are home test kits for coronavirus legit?
No. At this time there is no test kit, and the FTC has warned that these offers are a scam.