Contact Tracing Scams
California Attorney General Xavier Becerra recently issued a consumer warning regarding phony COVID-19 contract tracers. Contact tracing is an important tool to slow the spread of coronavirus. This tool helps local public health departments identify people who may have been in contact with a COVID-19 infected individual. Once informed, people can quickly take proper precautions. In this new fraud scheme, scam artists pretend to be contact tracers to trick people into divulging their private personal information such as Social Security numbers, financial information, or health insurance information. These scam artists are contacting people by phone, email, or text.
To avoid falling victim to this scam remember:
- Real contact tracers will only ask you about your medical symptoms and the people you may have been in contact with.
- Real contact tracers will never ask for your Social Security number, financial or health insurance information.
- If someone claiming to be a contact tracer asks for any kind of financial information or tries to charge you money, it is a scam! Please report it to our office.
Johns Hopkins Email Phishing Scam
A recent scam has emerged in which recipients will receive an email that appears to be from the Coronavirus Research Center of John Hopkins University. The email includes an Excel attachment that is disguised as an updated list of Coronavirus-related deaths, but the file actually contains a hidden piece of malware. Opening the attachment and clicking “Enable Content” allows cybercriminals to automatically install a program that allows them complete control over the computer. To protect yourself from this scam remember:
- Think before you click! The bad guys know that you want to stay up-to-date on the latest COVID-19 data so they use this as bait. They’re trying to trick you into impulsively clicking and downloading their malware.
- Never download an attachment from an email that you were not expecting, even if the sender appears to be a legitimate organization, the email address could be spoofed.
- Always go to the source. Any time you receive an email that claims to have updated COVID-19 data, use your browser to visit the official website instead of opening an attachment or clicking a link.
Malicious Zoom Installer
Scammers are sending out phishing emails with links to download the latest version of Zoom. When clicked, the link takes you to a third-party website–not the official Zoom site–to download an installer. If you download and run the file, the program truly does install Zoom. The trick is, the installer also places a remote access trojan (RAT) on to your computer. This RAT gives cybercriminals the ability to observe everything you do on your machine. This includes keylogging (saving what you type), recording video calls, and taking screenshots–all of which can be used to steal your sensitive information.
To protect yourself, remember the following, if an email directs you to install or update an application, do not click on the link in the email. Instead, go directly to the official website through your browser. This ensures you are accessing the real page and keeping your credentials safe.
The Federal Trade Commission (FTC) has frequently updated information on coronavirus-related scams, including bogus cures, phishing emails, robocalls, relief check schemes, fake charities, and more.
The California Attorney General’s Office (Cal AG) has similar, California-specific information on coronavirus-related scams, including information on price gouging.