The "COVID - Sick and Family Leave Act" Email Scam Tricking Victims with Fake Relief Offers
A new email scam, disguised as an official notification about COVID-19 financial relief, is targeting self-employed individuals with promises of financial support through the "COVID - Sick and Family Leave Act." This fraudulent email claims to offer financial assistance to recipients affected by the pandemic, but it’s a carefully constructed phishing scheme designed to steal personal information and possibly money.
Let’s break down how this scam works, what signs to watch for, and how to protect yourself from these increasingly sophisticated phishing attacks.
What is the "COVID - Sick and Family Leave Act" Scam?
The scam email appears to be a legitimate offer of financial relief for self-employed individuals affected by COVID-19. It claims that recipients can receive up to $32,220 under the Sick and Family Leave Act if they filed 1099 income or worked as sole proprietors in 2020 or 2021. It includes the name of a supposed government official, Benjamin Conrad, a “Sick and Family Leave Act Specialist,” to appear authentic and urges recipients to act quickly.
The email promises a quick and simple process for receiving funds, requiring recipients to:
- Fill out a brief online assessment.
- Verify their ID.
- Wait for a supposed payment within 30 days.
A “Get Started Now” link is embedded in the email, which leads to a fake website under the name “United Business Solutions.” On this fraudulent site, recipients are prompted to enter personal information such as their name, email, phone number, and occupation. In some cases, scammers may ask for more sensitive data, including credit card information, ID numbers, and possibly an “administration fee” to process the application.
The Danger of Phishing Scams Like This One
Scammers use fake financial aid schemes to exploit those in need or under financial stress. Here’s why phishing scams like the "COVID - Sick and Family Leave Act" email are so dangerous:
- Data Theft: By filling out forms on fake websites, victims unknowingly share personal data, which scammers can use for identity theft, credit card fraud, and unauthorized account access.
- Financial Loss: These scams often request “processing fees” or other payments. Victims who pay these fees not only lose money but may also become targets for future scams.
- Account Takeovers: With personal information and possibly ID or credit card data, scammers can access bank accounts, make unauthorized purchases, and even open new accounts in the victim’s name.
Signs of the "COVID - Sick and Family Leave Act" Scam
While phishing emails are designed to look legitimate, there are red flags to watch for in this and similar scams:
- Unusual Sender and Email Address: Scammers often use email addresses that do not match official government domains.
- Promises of Large Sums of Money: Be cautious of emails that promise large payouts or offer easy financial relief, especially if you haven’t applied for assistance.
- Urgent Language and Calls to Action: Phrases like “don’t miss out” and urging you to act quickly are often intended to pressure recipients into clicking links without verifying the source.
- Suspicious Links: The “Get Started Now” link in this scam leads to a fake website rather than an official government or recognized business page.
Similar Phishing Scams to Watch Out For
Scammers use variations of the same tactics across different schemes. Other popular phishing email subjects include:
- “Payment Has Been Sent”: Claims that a payment has been issued to you, prompting you to “verify” your account to access funds.
- “Treasurer Shared A Folder”: Impersonates trusted contacts or institutions, urging you to open a shared folder, which may contain malware or phishing links.
- “MetaMask Wallet Verification”: Poses as a crypto wallet provider, asking for immediate action to secure your funds.
These scams all rely on urgency, impersonation, and enticing promises to lure recipients into sharing personal data or clicking on harmful links.
How Scams Spread Malware Through Email
Phishing scams don’t only aim to steal personal information; they often spread malware as well. Here’s how:
- Malicious Attachments: Some phishing emails include infected files, such as documents or executables, that install malware when opened. For example, malware embedded in a Microsoft Office file will only execute if you enable macros, a common trick to infect devices.
- Harmful Links: Fake websites in phishing emails may prompt you to download “required software” or “updates,” which are actually malware installers.
- Automatic Downloads: Some links can trigger automatic downloads, infecting the device without the user’s knowledge or consent.
Tips to Protect Yourself from Phishing and Malware Attacks
Awareness and caution are your best defenses against phishing scams and malware. Here’s how to stay safe:
- Examine Email Addresses Carefully: If an email claims to be from a government organization, ensure the domain matches the official website (e.g., “.gov” or “.edu” for U.S. government or educational institutions).
- Avoid Links in Unsolicited Emails: Don’t click links or download attachments from emails that are unexpected or from unknown senders. Instead, visit official websites directly to verify any information.
- Only Use Trusted Sources: Download software only from reputable app stores or official websites, and avoid third-party downloaders or free software from unknown sites.
- Stay Cautious with Ad Pop-ups: Avoid clicking on pop-up ads or suspicious ads on questionable websites, as these can lead to fake pages or malware.
- Use Reliable Security Software: A trusted anti-malware program can detect and remove threats. Regular system scans help catch malware before it causes harm.
- Keep Systems and Apps Updated: Enable automatic updates on your devices to ensure that known security vulnerabilities are patched promptly.
If you believe you’ve interacted with a phishing email, particularly one that asked for personal or financial information, run a scan with a reliable anti-malware program immediately to identify and remove any threats.
Conclusion
The “COVID - Sick and Family Leave Act” scam email is one of many phishing schemes designed to exploit users by promising financial relief. By being aware of these tactics, recognizing red flags, and following cybersecurity best practices, you can protect yourself from these scams. Remember, if an email promises a too-good-to-be-true financial opportunity, it’s worth verifying its authenticity before taking any action.