Protect yourself from coronavirus-themed phishing scams

As with any crisis that draws a great amount of media coverage, consumers should be on alert for fraudsters who may try to take advantage of them during the coronavirus pandemic. One common fraudulent activity related to COVID-19 is fraudsters sending phishing emails in an attempt to steal personal information or request money.

Current Scams (updated 8/13/2020)

Small Businesses Targeted Through Spoofed SBA COVID-19 Relief Webpage

The Cybersecurity and Infrastructure Security Agency issued an alert yesterday about an unknown malicious cyber actor who is spoofing the Small Business Administration's COVID-19 relief webpage through phishing emails. The phishing emails contain a malicious link to a fake page used for re-directs and credential stealing. The phishing email subject line currently reads, “SBA Application – Review and Proceed,” and the sender is marked as “disastercustomerservice@sba[.]gov.” 

If you received a PPP loan from UBT, all communication regarding your loan will come from a UBT email address. If you are questioning the validity of an email you received regarding your loan, please call us and we can help verify.

General scams: how it works

Cybercriminals send emails claiming to be from legitimate organizations with information about the coronavirus. If you click on the attachment or embedded link, you’re likely to download malicious software onto your computer or mobile device. The malicious software (aka malware) could allow cybercriminals to take control of your computer, log your keystrokes, or access your personal information and financial data, which could lead to identity theft.

Coronavirus-themed phishing emails can take different forms, including:

• CDC or government alerts. These are emails designed to look like they’re from the Centers for Disease Control, the U.S. Government, or your state or local government, which falsely provides a link to coronavirus information.
• Health advice emails. Phishers have sent emails fraudulently appearing to be from legitimate sources offering medical advice to help protect you against the coronavirus. The email may contain a link asking for personal information.
• Trusted source emails. The email may appear to be from your employer, financial institution, or another business you trust. Fraudsters can copy logos and send emails with “important information” regarding your account or workplace policy.

With any suspicious email where you don’t know the sender and/or hyperlinks or attachments are included, you can follow good security practices to help reduce the likelihood of falling victim to phishing attacks:

• If you suspect deceit, hit delete.
• Beware of online requests for personal information. A coronavirus-themed email that seeks personal information like your Social Security number or financial institution login information is a phishing scam. Legitimate businesses and agencies won’t ask for that information. Never respond to the email with your personal data.
• Check the email address or link. You can inspect a link by hovering your mouse pointer over the URL to see where it leads. Sometimes, it’s obvious the web address is not legitimate. However, phishers can create links that closely resemble legitimate addresses. Delete the email.
• Watch for spelling and grammatical mistakes. If an email includes spelling, punctuation, and grammar errors, it’s likely a sign you’ve received a phishing email. Delete it.
• Look for generic greetings. Phishing emails are unlikely to use your name. Greetings like “Dear sir or madam” signal an email is not legitimate.
• Avoid emails that insist you act now. Phishing emails often try to create a sense of urgency or demand immediate action. The goal is to get you to click on a link and provide personal information — right now. Instead, delete the message.

We’re all taking plenty of precautions to protect our health amid coronavirus concerns — and that should go for your online health, as well. By practicing a few smart security practices, you can feel more confident in your online safety.

UPDATE: Most branches have reopened, but we encourage customers to check individual location hours and lobby availability.