The Federal Bureau of Investigation (FBI) sends out warnings of emerging Health Care Schemes related to the COVID-19 Pandemic
The FBI is warning the public about several emerging health care fraud schemes related to the COVID-19 pandemic.
“Criminals are actively manipulating the COVID-19 pandemic to their advantage,” said Calvin A. Shivers, assistant director of the FBI’s Criminal Investigative Division. “We ask all Americans to remain vigilant to avoid falling victim to these schemes.”
Bad actors are selling fake COVID-19 test kits and unapproved treatments through telemarketing calls, social media platforms, and door-to-door visits. Many scammers promise free care to patients in order to gain access to their personal and health insurance information, including their dates of birth, Social Security numbers, and financial data.
The FBI wants the public to be aware of the following schemes:
COVID-19 Testing Schemes
Beware of individuals who contact you in person, by phone, or by email to tell you the government or government officials require you to take a COVID-19 test. These scammers will likely ask for your health insurance information, including your Medicare or Medicaid number, and other personal information. Prior health care fraud investigations have shown that once scammers obtain an individual’s personal information, they use it to bill federal health care programs and/or private health insurance plans for tests and procedures the individual did not receive and pocket the proceeds. Be cautious of any unsolicited offers that require or request your medical insurance information.
Also beware of individuals offering to sell you a COVID-19 test kit or supplies, especially when these contacts are unexpected. A physician or other trusted
health care provider should assess your condition and approve any requests for COVID-19 testing. Some scammers are selling fake at-home test kits; some are even going door-to-door and performing fake tests for money. Legitimate tests are offered free to patients when administered by a health care professional.
COVID-19 Treatment Schemes
Legitimate medical professionals and scientists throughout the U.S. are working hard to find a cure, approved treatment, and vaccine for COVID-19. Unfortunately, they don’t yet exist. At the same time, scammers are working hard to sell fake cures, treatments, and vaccines. Ignore unsolicited offers for these fake procedures. Do not provide any personal information, including your financial information, Medicare or Medicaid number, or private health insurance information to anyone offering them.
When an approved treatment or cure becomes available, the first time you hear about it will not be through an email, telephone call, online advertisement, or unsolicited in-person sales pitch from a stranger.
You should also beware of scammers claiming to be medical professionals and demanding payment for treating a friend or relative for COVID-19.
If you do receive treatment for COVID-19, be sure to check the medical bills and the explanation of benefits from your provider, government health program, or insurance company. Ensure your medical bills are accurate! If you spot an error, call your medical provider and your insurance company.
The U.S. Department of Health and Human Services, Office of Inspector General issued a COVID-19 Fraud Alert video to warn about several healthcare fraud scams.
The U.S. Centers for Disease Control and Prevention has posted extensive guidance and information on the Internet that is updated frequently. You may also consult your primary care physician for guidance.
With the growing Coronavirus impact on our society, scams are also growing exponentially. Below is a summary of several of the most common scams, and resources to help you stay ahead of this fraud in the midst of COVID-19.
Staying Vigilant Against Fraud in the Midst of COVID-19
In the midst of the COVID-19 pandemic, frauds and scams are emerging. Americans need to be aware that there are individuals attempting to profiteer from this emergency through online phishing scams, door-to-door COVID-19 testing offers, falsely promising free care, etc.
Report Suspected COVID-19 Fraud to National Center for Disaster Fraud Hotline:
Below is a list of 5 scams designed to defraud you in the midst of the COVID-19 pandemic.
Phishing Scams
We are all looking to keep up with all that is happening with the Coronavirus. Our eagerness and fear may be making us more vulnerable to fake coronavirus update emails, and texts. Think before you click on links, ask yourself if it makes sense. You may be one click away from being infected by malware and adding more stress to your life. Do not give out any personal information over the phone!
Fake Government Representations
The bad guys are pretending to be government representatives. Don’t respond to texts and emails about checks from the government. The details are still being worked out. Anyone who tells you they can get you the money now is a scammer.
Here is an example of a fake Government Representation:
As the U.S. government considers a financial relief package for citizens, false claims of the government sending a $1000 relief check to individuals are already in the works by scammers who seem to be a step ahead of any official decision. Fraudsters are posing as the government to collect your personal information such as Social Security numbers or bank account numbers to send out your “coronavirus financial aid” deposit.
Update and Donation Sites Websites designed to collect your Personal Identifiable Information (PII) are being published.
Some examples we have seen:
Coronavirus updates
Emergency Response Plan Sites
Donation Sites
Others include the “sale” of things like facemasks, sanitizer, test kits etc.
NO CURE… The FTC and FDA have jointly issued warning letters to seven sellers of unapproved and misbranded products, claiming they can treat or prevent the Coronavirus. The companies’ products include teas, essential oils, and colloidal silver.The FTC says the companies have no evidence to back up their claims — as required by law. The FDA says there are no approved vaccines, drugs or investigational products currently available to treat or prevent the virus. Read more about the warning letters.
Fake Jobs This has affected all of us in one way or another. Unfortunately, some have lost their jobs and are looking for a solution. The dirtbags know this and are creating fake job postings to entice some of us to participate in a scam or to provide PII. Make sure you know what you are applying for and do your research before you provide any information.
We are all dealing with this in our own ways but we need to be careful. Careful with each other but also with potential fraud in the midst of COVID-19.
If you think you have been a victim, please do not hesitate to reach out to us here at defend-id. Or if you spot a fraud please report it:
Report Suspected COVID-19 Fraud to National Center for Disaster Fraud Hotline:
I read a great article last week by Risk Based Security – a leader in vulnerability intelligence – about modern phishing attempts (please see here) and how Coronavirus Fear and Anxiety Drives Phishing Scams. “malicious attackers are targeting unsuspecting people on the web.”
This article said there was a “tendency to associate phishing with crude boilerplate emails, dubious attachments, and poor attention spans”. But, sophisticated “attackers were spoofing system update prompts or redirecting users to pages with all sorts of dubious code.”
But it gets worse. Cyber thieves and ID theft criminals didn’t are already taking advantage of fear and anxiety surrounding the global COVID-19 pandemic.
Risk-Based Security then released another article titled Coronavirus Isn’t the Only Virus Going Around (please see here) reporting that “malicious attackers will always find new ways to target individuals and organizations. This time, hackers are installing malware on computers and harvesting user credentials by preying on people’s curiosity and fear of the coronavirus (COVID-19).”
Phishing Example
One new phishing example is where “scammers pose as the Centers for Disease Control (CDC) advising that there are new COVID-19 cases reported in the user’s city and requesting that they follow a link to learn more. From there, clicking the provided URL covertly redirects the user to a spoofed login page. If the user completes the process by providing their credentials, they are now compromised.”
The Major Cause
For years I have written and spoken on how IT and hacking are the sizzle that makes the news headlines. However, the vast majority of data breach events are the result of phishing emails and not high technology hacking tools.
According to the FBI’s Internet Crime Complaint Center (IC3) 2019 Internet Crime Report (please see here), phishing scams were the most common type of internet crime last year where 114,000 U.S. consumers lost more than $57.8 million in 2019 as the result of phishing.
Let’s not forget…
that cyber and ID theft criminals pretend to be trustworthy to trick people into handing over personal details or account information. Now COVID-19 related scams are showing up in multiple locations including the internet, your work email, and your personal email.
Based on the severity of our national emergency and because of Coronavirus Fear and Anxiety Drives Phishing Scams – we need to be diligent and aware of the numerous phishing emails and scams in the foreseeable future.
By Mark Pribish
Vice President and ID Theft Practice Leader
The latest research and identity theft trends indicate significant patterns. Patterns that can help consumers and businesses mitigate their risks against identity theft. One of these trends points to the unfortunate potential that senior identity theft is going to get significantly worse.
Research
Based on the first half of this year – where 11 of the largest 13 data breach events occurred at medical or healthcare organizations (please see here) affecting nearly 24 million healthcare-related records.
And we believe senior identity theft and fraud will get significantly worse in 2020.
When you think about lost or stolen Personally Identifiable Information (PII), most people think about:
credit card information,
bank account information,
taxpayer identity theft and refund fraud,
utility identity theft and fraud, and
credential identity theft such as driver’s license or passport fraud.
Healthcare is a Target
According to Protenus, a healthcare compliance analytics company, (please see here) this healthcare industry data breach pattern includes 503 incidents affecting nearly 15.1 million patient records in 2018 and 477 data breaches affecting 5.6 million patient records in 2017.
Very few people think about medical identity theft in general and senior identity theft in particular. Click here to read about how ID Theft Increases Stress and Fatigue
However, when the collections firm American Medical Collections Agency (AMCA) – which services laboratories, hospitals, physician groups, billing services and medical providers throughout the United States – experienced a data breach including Labcorp affecting 7.7 million patients and Quest Diagnostics affecting 11.9 million patients, we have to wondered how safe and secure all American consumer billing records really are?
The Senior Population
Another interesting statistic comes from the 2019 Federal Trade Commission (FTC) Consumer Sentinel Network Data Book where 39% of fraud complaints and 15.9% of identity theft complaints impacted seniors (60 years or older) in 2018 (please see here).
If you add the mature market (50 – 59 years of age), the “Identity Theft Reports by Age” from the FTC Consumer Sentinel Network shows a three year average of 36% of identity theft victims were 50 years and older.
There were “only” 14.4 million identity theft victims in 2018, a drop from the record-breaking 16.7 million victims in 2017. But it is estimated that out-of-pocket fraud costs for victims more than doubled in 2 Years to $1.7 billion.
The FTC report also showed that younger people reported losing money to fraud more often than older people. Older people lost nearly twice the amount to fraud than the more frequently reported younger reports.
Nearly 50 million health-related records have been reported stolen from over 1,000 data breaches over the last 30 months. The statistics are staggering and will likely have an enormous, negative effect on seniors over the next couple of years.
Written by Mark Pribish – ID Theft Protection Expert
Have you ever thought about how installing smart or connected devices such as a residential doorbell or security camera using a Wi-Fi connection can put your personal or business data at risk of being hacked or sold to third parties like advertisers? Personal privacy and the internet of things should be on all of our minds as we continue to become more and more connected.
Day to Day Convenience
An October 1, 2019 article titled Smart Home Devices and Privacy Risk (please see here) states “while ‘smart home’ or internet of things (IoT) devices have become more prevalent and may make every day or business tasks more convenient, they also diminish consumers’ privacy and introduce serious risks, for both users and device developers and manufacturers.”
According to Statista, a leading provider of market and consumer data, there will be 75 billion connected devices worldwide by 2025 (please see here).
Connected Devices
When I think of connected devices I think of business sectors such as
Utilities (programmable thermostats),
Residential Security (residential doorbells with surveillance cameras and microphones),
Smart and Self-Driving Automobiles (onboard computers, infotainment/entertainment systems, and apps) and
Healthcare (medical devices such as a pacemaker and mobile apps) to name a few.
Benefits
In each instance, these connected business sectors and devices help save money, increase efficiencies and improve our quality of life.
The Risks
The same business sectors and devices can also give hackers and insider threats the opportunity to steal personally identifiable information (PII) leading to any consumer becoming a victim of identity theft.
Think about it, if you can unlock the front door of your house remotely – so can a hacker. If you can start your car or unlock the door locks of your car remotely – so can a hacker?
And if any of your devices or service providers are connected to the cloud to collect, store and/or transfer information – hackers and insider threats can collect, store and/or transfer the same information.
While consumers are excited to have a more connected lifestyle, consumers should also be concerned about the increased risk of identity theft and data breach events.
So what can you do about it?
Consumers can protect themselves in a number of ways including:
By changing their default usernames and passwords
Setting strong passwords
Updating their security software regularly
Check the device for default privacy and security settings
Disabling remote access to your IoT devices (where applicable)
Every IoT device comes with a built-in web interface to configure the settings mentioned above. In addition to securing any new smart devices, be sure to configure any existing IoT devices you already have.
Personal Privacy and the Internet Of Things is a concern we should consider seriously and take the precautionary steps needed with these increased risks.
By Mark Pribish
ID Theft Practice Leader
Keywords: #Personal Privacy, #Internet of Things, #Smart Devices, #Identity Theft
COVID-19 Testing Schemes
COVID-19 Treatment Schemes
