Avoiding Coronavirus Scams

Cybercriminals are taking advantage of the COVID-19 coronavirus by using online scams to extract internet users’ personal and financial information.

These scams can be sent through email, texts, posted or involve social media posts and legitimate-looking websites. They claim to provide coronavirus awareness, sell virus prevention products and/or may ask for donations to a charity. They can often appear to be from a legitimate organization or individual, including a business partner or friend.

Follow these tips to help protect yourself while online:

• Stick with trusted sources. Rely only on reputable websites, such as your local news, national news outlets and government websites for the latest information about COVID-19. These websites include the U.S. Centers for Disease Control and N.C. Department of Health and Human Services.
• Think before you act. Be wary of communications that implore you to act immediately, offer something that sounds too good to be true or ask for personal or financial information. This includes online offers touting prevention, treatment or cure claims for COVID-19. (Ask yourself: if there's been a medical breakthrough, would you really be hearing about it for the first time through an ad or sales pitch?)
• Don't reveal personal or financial information in an email. Don't respond to emails asking for this information.
• Be wary of hyperlinks. Avoid clicking on hyperlinks in emails. Instead, type the URL directly into the address bar instead. If you aren't sure, it's best not to click.
• Pay attention to website URLs. Malicious websites might look identical to legitimate sites, but the URL might use a variation in spelling or a different domain (e.g., net instead of .com).
• Do your research first.  Be wary of emails and phone calls asking for donations, especially from organizations unfamiliar to you. If you want to donate, verify a charity’s authenticity before making donations and check the Federal Trade Commission’s website for more information about donating.
• Make passwords long and strong. Combine capital and lowercase letters with numbers and symbols to create a more secure password.
• Use stronger authentication. Always opt to enable stronger authentication, including two-factor authentication, when available, especially for accounts with sensitive information, including your email or bank accounts.
• Install and update anti-virus software. Make sure all of your computers are equipped with regularly updated antivirus software, firewalls, email filters and anti-spyware. (Get help securing your devices.)

The ABCs of Email Cybersecurity

What to Do If You Think You’re a Victim

• Report it. If it's related to your work, report it immediately to the appropriate people within your company - especially if you think you might have revealed sensitive information about your company.
• Watch for changes to your accounts. If you believe your financial accounts might be compromised, contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.
• Change your passwords. Immediately change any passwords you might have revealed. If you used the same password for multiple resources, make sure to change it for each account, and do not use that password in the future.
• Watch for other signs of identity theft. These signs could include but are not limited to: unusual or unexplainable charges on your bills; phone calls or bills for accounts; products or services that you do not have; new, strange accounts appearing on your credit report; or unexpected denial of your credit card.