Be Aware of Payment Lures
With the possibility of future legitimate stimulus money coming in the U.S., scammers are taking advantage of opportunities to steal personal information. One tactic they use is called Payment Lure, in which scammers trick consumers into believing they are due to receive money, and all that is needed from them is some additional information to enable the money to be sent. As the coronavirus pandemic continues, scammers have been known to specifically reference stimulus money in their payment lures.
Payment lure emails may include a link for the recipient to click on to provide information, however the links are actually connected to phishing scams. Other payment lure schemes may use emails that name a credit card company in an attempt to make the message appear more credible, alongside a title such as “Claim Your Covid-19 Cash.” These types of messages may also reference late credit card payments being waived and large credit offers. However, clicking the link found in these emails and entering information allows scammers an opportunity to gain access to the recipient’s passwords, IDs, and credit card/banking information.
What Should You Do
Awareness is key – be aware of payment lures and how to identify schemes so you don’t fall victim to one. Here are some tips to help:
- Do not disclose personal information, such as account numbers or passwords, in emails or via email links
- Take notice of URLs (web addresses) that email links reference. Many scams become obvious because, though they may appear similar to those of legitimate companies and organizations, the web addresses often have spelling variations or different domains (e.g., .net instead of .com)
- Keep devices (including desktop and laptop computers, tablets, and phones) updated. Allowing automatic software updates from trusted sources (i.e., Microsoft, Apple, Adobe) ensures these devices always have the most up-to-date security capabilities to block malware and other risks. Be suspicious of update requests or patches sent through email, using links, or on websites. Devices should be configured to obtain updates directly from trusted sources
- Contact a company directly if there are questions about the legitimacy of an email. Use contact information from a billing statement or other trusted source, rather than the contact information found in an email message
For more information or to report a payment lure or other scam, visit the FTC and Internet Crime Complaint Center (IC3). Both the FTC and IC3 have published several articles warning of fake emails and Coronavirus scams, as well as specific consumer and industry alerts.