“The number of sites and stores that popped up all over the place has increased,” said Ron Culler, a senior director of technology and solutions for the security firm ADT Cybersecurity. Shortly after the government began issuing stimulus checks, he said, scammers registered 15,000 fake websites posing as the I.R.S. to steal people’s personal and financial information.
Here are a few measures to protect yourself from fraudulent websites:
Check the website’s URL. A phony site may look identical to a government or banking website, but the domain name in the address bar is a giveaway of a fake. Click on your address bar and look for domains ending in “com.co,” “.ma” or “.co” instead of more legitimate domains like “.com” or “.org.”
Install an ad blocker. To prevent your browser from loading a shady ad seeking your personal information, you can download an ad-blocking extension for your browser. For computer browsers, I recommend uBlock Origin, and on iPhones I recommend 1Blocker X.
Robocallers have a reputation for sounding dumb, but in reality, they work hard for your money and are resourceful.
They do their homework on you and adapt to your responses. Most of the time, they “spoof” phone numbers, manipulating phone networks to ring your phone from numbers they aren’t actually calling from — including digits that belong to your bank or a government agency.
In extreme cases, two scammers work together — one is on the phone with your bank while the other is on the phone with you — asking you for personal information so they can immediately trick the bank’s customer support agent into granting access to your account.
“What they’re looking for is any crack in the system,” Mr. Espinosa said. High-risk calls to financial institutions are 50 percent higher than before the pandemic, according to his company, which tracks the number of potentially fraudulent calls being made to businesses. One bank is getting 6,000 more high-risk calls per hour, he said.
So here’s what to do:
Hang up the phone and call back. Robocallers have been a nuisance for years, but now more than ever, we should be wary of any call from a business or an organization. If, for example, your bank calls with a fraud alert, hang up and call the customer service number on the back of your credit card and ask your bank whether it truly tried to call you.
Remove businesses from your address book. A saved entry in your address book could give you false confidence that a call is legitimate. Let’s say you have Citibank’s support number saved in your address book and labeled it “Citibank.” If a fraudster spoofed Citibank’s support number and called you, your smartphone would show that a call is coming in from Citibank. It’s best to delete these phone book entries so scammers don’t catch us off guard.
Email and Text Messages
Phishing, in which a scammer impersonates someone to ask for your personal information, is one of the oldest internet scams. But it still happens because it works.
Fraudsters have adapted to the ever-changing news cycle in the pandemic. In emails and texts, they have worn several disguises, pretending to be the World Health Organization, the Centers for Disease Control and Prevention, the Internal Revenue Service and more, according to ADT.