Risk Advisory Alert: April 9, 2020 Fraudulent Email and Phone Call Schemes

As we discussed in last week’s Risk Advisory Alert, the chaos and uncertainty of the current climate spells opportunity for cybercriminals. We continue to see heightened activity in terms of fraudulent schemes and malicious attacks.

Two schemes currently popular among cybercriminals that you should be mindful of:

  1. Emails alleging to be from the SBA (disastercustomerservice@sba.gov) that may contain an attached virus or malicious file. The uncertainty surrounding the SBA services and the CARES Act loan program it is administering makes users quick to click. The criminals know this.

    Recommendation: Be skeptical of all emails you receive. Don’t click on email attachments or links without verifying the source. In the event long wait times or off-hours make verifying difficult, try to access the information via the website of a credible source. For example, if the SBA were to send you information via email, they would have also uploaded copies to your user profile on their website. Therefore, we recommend you access this information via the website, not the email.

  2. Technicians calling to claim your computer system or identity has been compromised and asking you to turn over your username and password—or other sensitive information—or requesting payment to fix the problem or update your system. Remote working arrangements have made for a way of doing business that is unfamiliar to many users.

    Recommendation: Don’t answer calls from unknown numbers and don’t trust phone calls from unverified sources. By not answering you eliminate the opportunity of being tricked; criminals who have managed to gather information about you can sound credible and be very convincing. If you do find yourself on a call with someone you don’t know, do not disclose personal information. And never make a payment by gift card, prepaid debit card or wire transfer.

Cyber threats continue to emerge and evolve. You are best served by maintaining a heightened sense of awareness and skepticism. Understandably, you would be eager for information about an SBA loan or other government benefit you might have applied for, but your distraction and sense of urgency are what cybercriminals like to see most in their targeted victims.

About the Author(s)
Matthew Schiavone, CPA, CISSP, CISA, is a Senior Manager in HBK’s Quality Control department in Pittsburgh. He specializes in risk advisory services, system and organization control (SOC) reporting, internal controls, IT audit, information security, and cyber security.
Hill, Barth & King LLC has prepared this material for informational purposes only. Any tax advice contained in this communication (including any attachments) is not intended or written to be used, and cannot be used, for the purpose of (i) avoiding penalties under the Internal Revenue Code or under any state or local tax law or (ii) promoting, marketing or recommending to another party any transaction or matter addressed herein. Please do not hesitate to contact us if you have any questions regarding the matter.