4 tips for protecting your business against Coronavirus-related scams

April 23, 2020

Taking advantage of these uncertain times, scams that blossomed during COVID-19 are still targeting businesses and individuals across the country. We talk to the experts for tips on how to protect your business, your employees and yourself.

Unfortunately, cyber criminals are eager to prey on people during this stressful and unpredictable time. Scammers are targeting businesses and individuals through a variety of scams that range from health to technology. Government programs that went into place for COVID-19 relief are ripe for fraudsters to utilize for their own purposes.

Some of their scams may not be entirely new. “I’m concerned about criminals leveraging COVID-19 to tweak existing business email compromise and malware schemes,” says Dan Kautz, vice president of product risk & controls at U.S. Bank.

Here are some tips to protect yourself and your employees from these scams.


1. Reinforce a strong security and fraud awareness culture

“Education is paramount during these unprecedented times,” says Brett Frederick, director of enterprise fraud risk management at U.S Bank. “Make sure your workforce understands the risks related to business changes due to the pandemic.”

It’s important to have a strong security and fraud awareness culture embedded within the company. Many employees may be working at home for the first time, which means their routines will be different in many ways. Make sure fraud protection is part of everyone’s daily routine. Get back to the basics and reinforce how your company can safely manage day-to-day operations.

“I get concerned when there are more people working from home,” says Kautz. “You lose the security of the traditional business environment. There is the potential for unauthorized parties to see confidential information within the home. Home employees might also operate in a less secure fashion than they would in an office environment. I would encourage home employees to have a secure working area to keep prying eyes off sensitive information. Businesses should have an established set of remote working rules for their employees.”

Make sure redundant processes are in place for approvals, whether that’s money movement or those who manage your financial statements from fraud, says Frederick. The right people, and their approvers, should have their eyes on your company’s transactions and financials.


2. Be aware of BEC

Business email compromise (BEC) scams target domestic and foreign businesses that regularly perform payment transfers. This continues to be a big fraud threat for organizations. BEC hasn’t been used exclusively with COVID-19, but Kautz is concerned about fraudsters leveraging the pandemic to their advantage. The financial stresses of both your company and your customers or vendors can create opportunities for scammers to give a sense of urgency that results in skipped processes and fraud.

“Unfortunately, fraudsters are wonderful salespeople,” says Frederick. “They administer techniques to make you feel comfortable and divulge valuable information that you don’t even realize you’re providing them.”

Scams relating to impersonating company leaders are big due to the current environment. If someone is trying to pose as your company’s CEO or CFO, they will generally send an email. Pay close attention to small details. Perhaps the email address is slightly different by one letter or the language in the email seems odd. A sense of urgency should also raise alarm bells. Kautz has seen a lot of schemes where a fraudster poses as a CFO and requests an urgent money transfer. The employee is told to keep it confidential. This can prevent the employee from seeking validation because they feel like an authority figure is telling them to move money now. If this is the case, call the person directly to verify the request is legitimate.

“Think twice before you send something even if it’s urgent,” says Kautz. “Take prudent steps to make sure you’re not introducing risk into the process.”

A fraudster may also contact employees pretending to be someone from IT to divulge personal or confidential information or click on links that could introduce malware into their systems. The best line of defense against fraudsters is to keep the enemy outside the gate. Practice the same security measures you would in the office and keep the same protocols in place from an IT and information security perspective. Always use strong firewalls and secure VPN to keep malware and other compromises from happening. Prohibit forwarding business emails, especially with confidential information, to personal email accounts, as there could be hackers lurking without you even knowing.


3. Investigate payment instruction changes

It’s important to know how your company normally processes money movement requests. That way, you can be on alert if something seems off. “Look at anything that has to do with a payment request, whether it’s account changes or money movement, as a potential threat,” says Kautz.

Now is the time to be on top of payment fraud prevention. Validate payment request changes using known source information. Don’t reply to the email or use the phone number in the email signature. Call the company and ask if the payment changes are valid. Even if the request is urgent, have another pair of trusted eyes take a look.

Verification of transactions and changes can be challenging during a time that employees may be using cell phones. One practice that can help is doing call backs to the employee’s office number with instructions regarding verification. The fraudster will not be accessing the company voicemail, and you can avoid the trap of verifying with a fraudulent number.

Another major concern are the scams associated with government programs that have gone into place with COVID-19 relief, such as the personal $1,200 government checks and the Paycheck Protection Program (PPP) loans. “With the government programs coming out, there could be some gaps that allow fraudsters to take advantage of the system and trick our customers into giving them information or a payment,” says Kautz. The biggest tip here is to make sure payment instructions are verified.

Kautz is also concerned about communications coming out from financial institutions. For example, there may be fake communications from financial institutions stating “We care about you. Click on this link, and we’ll give you some more advice on how to handle COVID-19.” That link could be malware used for nefarious purposes.

Here are some more tips to recognize a BEC scam.


4. Have a strong business continuity plan and keep the lines of communication open

Make sure standard operating procedures are as seamless as possible. Have redundant processes in place for approvals and be clear about the segregation of duties or if they have changed.

Have frequent communication with employees about expectations and issues happening at the company. It’s important to try and keep employees and management connected despite the fact that they are not all together in the same office. This helps employees remain integrated and aware of issues that are coming up, says Kautz.

“These are challenging times for everybody,” says Frederick. “Due to the economically difficult times, companies are focused on keeping their businesses moving forward. Make sure you are frequently checking in on the health of your employees. If they are healthy from a mental well-being perspective, they will be more focused and productive throughout this unprecedented time.”

Related content

How you can prevent identity theft

Post-pandemic fraud prevention lessons for local governments

How a bar trivia company went digital during COVID-19

Hospitals face cybersecurity risks in surprising new ways

What you need to know about identity theft

Automate accounts payable to optimize revenue and payments

Prioritizing payroll during the COVID-19 pandemic

Cybercrisis management: Are you ready to respond?

How Wenonah Canoe is making a boom in business last

Webinar: CRE Digital Transformation – Balancing Digitization with cybersecurity risk

Fight the battle against payments fraud

Webinar: Approaching international payment strategies in today’s unpredictable markets.

What is financial fraud?

White Castle optimizes payment transactions

Increase working capital with Commercial Card Optimization

The latest on cybersecurity: Mobile fraud and privacy concerns

Is online banking safe?

How I kicked my online shopping habit and got my spending under control

Webinar: Mindset Matters: How to practice mindful spending

The password: Enhancing security and usability

BEC: Recognize a scam

Fraud prevention checklist

4 tips for protecting your business against Coronavirus-related scams

Authenticating cardholder data reduce e-commerce fraud

3 reasons governments and educational institutions should implement service fees

The surprising truth about corporate cards

Why Know Your Customer (KYC) — for organizations

How this photography business persevered through tough times

Cybersecurity – Protecting client data through industry best practices

Trends in economics, immigration and mobility policy

4 restaurant models that aren’t dine-in

First-time homebuyer’s guide to getting a mortgage

Learn to spot and protect yourself from common student scams

How-to guide: What to do if your identity is stolen

Why a mobile banking app is a ‘must have’ for your next vacation

Proactive ways to fight vendor fraud

How to improve digital payments security for your health system

Opening a business on a budget during COVID-19

How business owners are managing during the supply chain crisis

How a group fitness studio made the most of online workouts

How community gave life to lifestyle boutique Les Sol

How a travel clothing retailer is staying true to its brand values

How to keep your assets safe

Keep your finances safe and secure: Essential tips for preventing check fraud

Webinar: How to stay safe from cyberfraud

How to avoid student loan scams

4 ways to outsmart your smart device

How to spot an online scam

Money muling 101: Recognizing and avoiding this increasingly common scam

5 tips for seniors to stay a step ahead of schemers

Recognize. React. Report. Don't fall victim to financial exploitation

Recognize. React. Report. Caregivers can help protect against financial exploitation

8 tips and tricks for creating and remembering your PIN

6 pandemic money habits to keep for the long term

Webinar: Mobile banking tips for smarter and safer online banking

A passion for fashion: How this student works the gig economy

Webinar: Mortgage basics: How much house can you afford?


Start of disclosure content

Loan approval is subject to credit approval and program guidelines. Not all loan programs are available in all states for all loan amounts. Interest rate and program terms are subject to change without notice. Mortgage, home equity and credit products are offered by U.S. Bank National Association. Deposit products are offered by U.S. Bank National Association. Member FDIC.