With the worldwide virus pandemic, we are seeing things on Facebook, Twitter and in our email multiple times a day already. We are focused on remaining vigilant so we don’t contract the virus, but we also need to become vigilant so that we don’t become victims of the various cons, schemes, and scams that are already starting to surface.
During uncertain times we often see scams on a personal level, business level, and national geopolitical level. It is important to be informed so that we can be protected in all areas.
Frank Figliuzzi is the former Assistant Director for Counterintelligence at the Federal Bureau of Investigation. Figliuzzi was previously the Special Agent in Charge of the Federal Bureau of Investigation's Cleveland Division which includes all of northern Ohio, and the major cities of Cleveland, Toledo, Youngstown, Akron, and Canton. Following his FBI service, Figliuzzi joined General Electric and served for five years as Assistant Chief Security Officer for investigations, insider threat, workplace violence prevention, and special event security for GE's 300,000 employees in 180 countries. Figliuzzi is currently a frequent National Security Contributor for NBC and MSNBC News.
A national pandemic is a target-rich opportunity for cons, schemes, and scams. We have to make ourselves harder targets for the bad guys. It is really important that we don’t do things out of panic without researching, talking to people and seeking the right advice from the right people.
What do we need to be looking for in an uncertain time to avoid being a victim of a scam or scheme? Listen in as Frank and I discuss warning signs to look for and trusted resources you can turn in this very uncertain time.
“If anybody is asking for your money or your personal identifiers right up front the alarm bells should go off.” - Frank Figliuzzi Share on XShow Notes:
[00:55] – We are all so squirrely focused on remaining vigilant so we don’t contract the virus, but I’m here with a slightly different message which is that we have got to become vigilant so that we don’t become victims during the virus of various cons, schemes, and scams that are already starting to surface.- [02:15] – When you see something that doesn’t look or sound right go ahead and research it, find out if it’s wrong, and if it is wrong politely post your research.
- [02:52] – Frank puts these scams in three different buckets. There are scams for coronavirus on the personal level, business level, and national and geopolitical level.
- [04:01] – It is really important that we don’t do things out of panic without researching, talking to people and seeking the right advice from the right people.
- [04:48] – We have got to look out for each other on this. If you have elderly family or neighbors we have to pay extra attention to them.
- [05:36] – If it is too good to be true, it’s not true. Trust your gut! Run it by 2 or 3 other people that you trust.
- [06:53] – When it comes to charities, Frank’s advice is to stick with the well-established charities that you already donate to. Charity Navigator will do the vetting for you.
- [8:13] – If anybody is asking for your money or your personal identifiers right up front the alarm bells should go off.
- [9:58] – Many businesses are not equipped from a cybersecurity perspective to deal with work from home.
- [10:34] – We are going to see a huge increase in accounts payable fraud.
- [11:51] – Get your IT people together and pay now for the increased security or you’re going to pay later. Maybe some sensitive functions should not be functioning at home.
- [13:00] – Testing is a great thing to do before you launch into massive work from home.
- [13:28] – If looking for work from home options watch out for the too good to be true. Always check out the opportunities and do your research.
- [15:16] – Test first before you start producing products remotely and make sure that it can’t be interfered with.
- [17:03] – With the government stimulus package coming out we will likely see emails pop up asking for your social security, date of birth, and address which is identity fraud.
- [18:31] – Don’t fall for people reaching out to you by phone, e-mail, and snail-mail. Go to a government site for the information.
- [19:26] – The government will not call you. You can verify through their websites and the official numbers.
- [19:38] – Share this information about possible scams with your grandparents, parents, and adult young children to protect them.
- [20:56] – We are in a polarized society. So far it has been political polarization.
- [21:22] – The fear is that we will move from political polarization to polarized responses to a pandemic and that can be very dangerous.
- [22:15] – There is also a foreign influence to try and polarize us.
- [23:14] – Do not be afraid to block and report anything that comes across your screen that looks like it is dangerous propaganda.
- [23:43] – When there is something really scary that we don’t understand, it is a lot easier to blame something that we can identify than to recognize there is nothing we can do about the situation and we just have to wait.
- [24:15] – Humans want simple solutions to the scariest, most complicated problems. We want to embrace the hopeful and simple.
- [25:14] When you click on something that offers you that simple explanation or solution you are probably making a mistake.
- [25:21] This is one of those situations where you have emotions, urgency, panic, health and fear on a worldwide scale all rolled up together. It is the ultimate opportunity for scam artists.
[26:07] Three trusted websites are Centers for Disease Control, World Health Organization, and John Hopkins University. You should also consult the Department of Health from your state and county.
“Humans want simple solutions to the scariest, most complicated problems.” - Frank Figliuzzi Share on XThanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.
Links and Resources:
- Podcast Web Page
- Facebook Page
- whatismyipaddress.com
- Easy Prey on Instagram
- Easy Prey on Twitter
- Easy Prey on LinkedIn
- Easy Prey on YouTube
- Easy Prey on Pinterest
- Frank on LinkedIn
- Frank on Twitter
- Frank on YouTube
- Frank on NBC News
- Charity Navigator
- Centers for Disease Control
- World Health Organization
- John Hopkins University
Frank, thank you so much for coming on the Easy Prey podcast to talk about the ongoing coronavirus. What’s going to happen quickly is scams and schemes are going to come out of the woodwork. Let’s talk about that today.
Thanks for having me. We’re all so squarely focused on remaining vigilant so we don’t contract the virus. I’m here with a slightly different measure, which is we’ve got to become vigilant so that we don't become victims during the virus of various cons and schemes and scams that are already starting to surface.
I know. I’ve already started to see them myself. My spam folder is full of coronavirus-related scams already. Not necessarily fake news, but news saying, “Hey, go to this website to get news,” which is a risk for malware, ransomware, and phishing. Have you seen any emails well beyond that?
Yes. On the smaller scale, that’s almost nonsensical. I’ve recently published a piece for NBC Think, called Coronavirus scam alert: From fake Starbucks coupons to fraud, cons are going viral, which is their digital platform on this very topic. I said these range from the nonsensical to the nefarious. On the nonsensical side—although people are buying into it—I saw something the other day where somebody was promoting using a hairdryer to blow heat up your nostrils because heat will kill the virus.
Of course, I’m now on a mission to—and I urge all of your listeners to join me in the mission, which is when you see stuff like this, go ahead and research it, find out if it’s wrong, and if it’s wrong, go ahead and post—very politely—your research. You don’t have to call people out and say, “You’re a fool.” Just politely post the research that counters the nonsense. I did it with this particular hair dryer piece. That’s on the silly side. Although, quite frankly, the research on that showed you could actually hurt yourself meaning you’re going to damage the mucous membranes in your nostrils, which is going to make you more susceptible to the virus.
Some of these are harmful. I put this in three different buckets. I look for scams on corona on the personal level, the business level, and the national and geopolitical level. It runs the gamut from what we just said—simple stuff, personal things you’ll see in your inbox—all the way up to government-wide fraud. We can talk about that based on the history of government programs and fraud in crises. Then let’s go outside the borders, and we can even see, already, Russia and other state actors trying to mess with us when it comes to corona.
That’s absolutely crazy. Some of the things that have already happened in the news is televangelist Jim Bakker selling fake coronavirus cures. We’ve seen people drinking cleaning solutions that have a chemical in it that looks similar to pharmaceuticals that have been mentioned in the news. Then you have people that are like, “Oh, I have some of that medication,” and have overdosed and died because they’re not taking the proper medication.
It’s really important that we understand—out of our panic and our urgency over this—that we don’t do things without researching, without talking to people, without seeking the right advice from the right people.
Exactly. This is the personal bucket that I’m talking about, so we might as well go ahead and dive into that. In my home state—Arizona—you just referred to the husband-and-wife couple who heard the name chloroquine, discovered that they had something that they were already using or aware of on the shelf somewhere to clean aquariums. It’s chloroquine phosphate. They ingested it. The husband sadly died. You’re not supposed to ingest chloroquine phosphate, which is used to kill bacteria in a fish tank.
We’ve got to look out for each other on this. I’m particularly sensitive to the elderly on these issues. If you’ve got elderly neighbors, family—we all do—you’ve got to pay extra attention to them and what they’re consuming via news and social media. Make sure they don’t do something really stupid and even harmful.
I saw it in my days in the FBI in Miami where we had fraud squads that will deal with elder scams. We’re going to see it come out of the woodwork. We’re going to see, for example, that even stock and investment scams are beginning. “Here’s a company that’s got the secret to curing corona. You should invest in it. We’ll do that for you. Just send us your check or your money order and we’ll make that investment for you.”
If it’s too good to be true, it’s not true. You’ve got to trust your gut. I also tell people, “Run it to two or three other people you trust.” If they tell you, “You’re out of your mind,” then they’re probably right. That’s that personal bucket. Your email is going to be filled with this. Your Facebook is going to be regurgitating this, your Twitter feed. You’ve just got to see it for what it is. Listen to medical professionals. Listen to trusted government authorities and stay away from this stuff.
I know one of the things when you’re talking about elder abuse and elder fraud being high in your mind. One of the things I look at is charity scams. That when these entities come out saying, “Hey, we’re going to collect money to buy products to give to healthcare workers that are on the frontlines.” People want to help out. People are good-natured, so they throw money at these scam artists who just take the bucket of money and walk away.
Exploiting our good intentions has historically been how these con-artists work. I’m already seeing such things as, “Hey, let’s help our first responders. Let’s get them equipment. Let’s get them food. Let’s do this and that.” Here’s my advice generally across the board, if you belong to existing charities, if you already donate to well-established charities—big names that we all know—stick with them in these times. They will divert and pivot the money and their efforts toward coronavirus charities. They’ll do that for you.
I’m not going to plug any. We all know the big names. United Way is a consortium of different charities. They do the vetting for you. Look to someplace that does the vetting for you, and don’t look at brand new charities.
A really good source for vetting charities that I always recommend for people to look at is a site called Charity Navigator. They look at the history of a charity, how much money actually goes to their causes, how much goes to overhead, how much goes to the staff. You can really understand if this charity is well-established and how good they are at managing the funds that are donated to them. That’s a good way of staying away from fly-by-night charities or outright scams.
The other thing I often tell people is to look for the advanced fee scheme, no matter what it is. Let’s go back to the investment thing. “Hey, I’ve got a great stock. It’s going to cure corona. Give me your money upfront.” Anybody asking for your money or your personal identifiers right upfront should set the alarm bells off. That cuts across the spectrum of frauds.
The common things of watching out for people who are claiming to have secret knowledge, things that the government doesn’t want you to know, or things that I heard from a friend of a friend’s rich uncle.
We’re going to hear—after this is all over—some horrific stories about exploitation and people falling for things even on a mass level. If we can prevent some of that pain and agony now, we should. That’s the personal category: anything you open on any social media or your email feed. We’ve got to look out for each other. Be very, very circumspect and suspicious.
Don’t trust the new thing. Don’t trust the bright, shiny object that promises you thousands or millions of dollars. Nobody’s going to do that right now. Even some of the valid pharmaceutical things that are going on, some of them are experimental. We just don’t know. They may not pan out. You’ve got to really be careful.
Some of these things may take months or years to come to fruition. We need to be careful that we don’t panic and don’t flip out in the short term.
Indeed, indeed. Then, if you want to move on the business bucket—our work-related bucket—we’d be remiss if we didn’t talk about the massive numbers of people who are working from home right now, and rightly so. We all need to do our part on the containment and isolation. I have to wonder—and it doesn’t take me long to conclude—that many, many businesses—particularly small and medium-sized businesses—are simply not equipped from a cybersecurity perspective to deal with work-from-home.
By that, I mean that they likely don’t have in place the two-factor authentication, VPN, or encryption that allows even routine functions to occur securely from home. Imagine your company’s business data—even if it’s just invoices and accounts payable—being moved home and the right security not being in place. I know this is going to happen. We’re going to see a huge increase in what I call accounts payable fraud.
Even the most sophisticated companies that have all kinds of filters, firewalls, and bells-and-whistles software to tell them, “Hey, you’re not paying this known vendor,” or “This email to this vendor is one letter off from our known vendor, and this bank account number is different from what we usually pay for this vendor,” are going to see this now just break out of control as hackers sit back and watch the rise in employees working from home and say, “Hey, this is a finance clerk working from home in Nebraska. She’s paying invoices. I’m going to pretend to be one of these clients, or customers, or vendors.”
Or an executive within a company.
I tell CEOs and biz leaders to get their IT people together and pay now for increased security or you’ll pay later.
Yeah. The famous click-this-attachment-from-your-boss scheme and pay this vendor right away. It’s going to be a bank account that you should’ve recognized isn’t the known bank account for that vendor. The one letter off on an email or the name, spelling’s not right, grammar’s not right, and you end up paying that bill to a bad guy. It’s going to happen even more than it’s already happening.
I tell CEOs and business leaders, “Get your IT people together and pay now for the increased security or you’re going to pay later.” The answer right now may be that your sensitive function shouldn’t be functioning from home, or that certain people shouldn’t be sending certain files from home.
I suppose for those states without stay-at-home orders, which is about half the country right now, companies should be preparing like, “Okay, if we’re going to have people working via VPN, if we’re going to have people remotely, we need to test all these systems now. Make sure the security is in place. Make sure the two-factor authentication is in place.” Do a trial run with that before your 100 employees go home and all have the same issue on the same day and your IT people lose it.
That’s a great point because for the companies that are hearing this now and saying, “We’re good. We’ve got this in place. We did years ago,” when’s the last time you tested it out on a massive level? By the way, you’re only as good as the last employee who updated it and is truly using it, or has found a way around it. Testing is a great thing to do before you go into massive work-from-home in all functions and stakeholders.
I suppose another work-from-home population that we should be watching out for is—depending on who you listen to—the upwards of 30% of people in stay-at-home states who could be out of work right now. They are looking for jobs, looking for things where they could work from home. That is, unfortunately, another area that’s rife with scams.
We’ve seen this even when there’s not a crisis. Great point. Again, watch out for what’s too good to be true, “You can make thousands of dollars a week telemarketing from home, or filling these forms out, or processing this information.” We’re going to see some really dangerous things happening there. People lose money that they can’t afford to lose right now. Check it out. Do your vetting. Do your research.
It’s really not that hard to determine that the person you’re dealing with is a fraud, and the company doesn’t exist, or only has a shell of a website and a P.O. Box. That’s not going to cut it. They come back to a foreign mailing address or a building somewhere out in the woods. You’ve got to be careful. There’s enough big business hiring now. The Amazons and the Walmarts are announcing huge hiring initiatives. Look at the trusted employers. If it’s too good to be true, don’t do it.
There are other things that are going to come into play on a more sophisticated level with this work-from-home order. I’m seeing manufacturing business, for example, look ever more at robotics as mandatory. New York State has moved 75% of their workforce home. There are some accepted manufacturing levers. When that happens, your shop floor looks empty, you’re looking more at remote manufacturing and robotics.
I worry about the security of that and what we call the internet of things. Whether or not hackers can get into your manufacturing process and your shop floor and literally mess up your product from afar. Again, your admonition to test first before you start producing products remotely. Make sure that it can’t be interfered with.
We’ve got this $2.3 billion-plus stimulus package in the US that’s either already been signed or about to be signed. What are some things that are going to come up because of that?
This moves us into our third bucket. We’ve talked personal, we’ve talked business, let’s go government and even global here. We can only look to history. As they say, the past is prologue. History repeats itself. If we look at prior stimulus packages, bailouts—whatever you want to call them—you see huge amounts of money. This is record-setting, a couple trillion dollars. You know that the bad guys will come out of the woodwork to both try to defraud the government and get a piece of that action, get some of that money, and defraud the other way. Defraud us to think we’re getting that government money when actually we’re not.
Here’s what this looks like during TARP during the 9/11 relief. By the way, TARP was the Troubled Asset Relief Program. It came out of the economic collapse in 2008, and we saw a massive fraud there. Hurricane Katrina, we saw a massive fraud. What does that look like?
Let’s say, for example, we’re hearing that this legislation is going to give money and put checks in the hands of individuals and couples. We’re hearing numbers of $1700 a person, $500 if you have a kid. If you’re a couple making under $75,000 a year, you get additional money. Everybody’s going to want their check. You’re going to see emails pop up in your inbox. They’re going to say, “Hey, this is the government. We have your check for you. Please give us your Social Security Number, your date of birth, and address.” That’s identity fraud. They’re going to steal your identity.
You may even see—in some cases, particularly for business loans—advance processing fees. I guarantee you right now, companies are launching emails that will say, “We will process your claim for you to the government so you can get your small business loan and pay your payroll.” We’re hearing that’s part of the package. It’s just great. We’re going to allow people to continue paying their payroll. “We’ll handle that for you. We’ll process that for you for this fee.”
That’s nonsense. The government’s not going to do that for you. The government’s going to mail you a check. The government’s going to have their form at their official site. Third parties are not needed to do this, but yet people are going to fall for it.
One of the things I’m advocating—and I advocated for in this piece I wrote for NBC Think—was it’s time now for this package—this legislation—to include the creation of the inspector general now to get out ahead of it. Let’s pass laws now to say, “If you specifically try to defraud people related to this package, you’re going to get these penalties,” so that the message is sent. We’re not going to tolerate the kind of fraud we’ve seen before with these programs.
The advice for the consumer and for the business is don’t fall for people reaching out to you, whether it’s phone calls, email, or snail mail. Make sure that you’re going to a government source for the information, not Bob’s I-Can-Help-You-Get-Your-Money website.
As a general rule, third parties will not be necessary as intermediaries between you and the government when it comes to receiving or applying for these funds.
For the most part, the government is not going to be calling people, as far as we know. They’re not going to be sending them emails.
Oh, my Lord. Look at the number of calls. We get robocalls now and spam calls saying that we’re in trouble with IRS or Social Security. That’s going to go through the roof saying, “I am the government calling to process your payment.” Just hang up. It’s not them. Just verify through the website, through the phone book, and the official numbers. The robocalls and spam calls are going to be record-setting.
This is information you should share with your parents, with your grandparents, with everybody. Just because you and I might get it, doesn’t mean our sphere of influence, our friends and our family, are thinking about these things.
Think of your young adult kids who are in a salary range that’s eligible for this. I heard today up to 90% of Americans might be eligible for some form of this based on the salary ranges. It’ll be based on your last year’s income tax filing as to your household income and whether you’re eligible. Think about 90% of Americans saying, “I’ve got a check coming. I’ve got a loan coming.” Think of the opportunity to defraud people in that arena.
Just absolutely massive. Let’s change gears here. On the information front, we’re seeing everything almost at times being polar opposites. When you’re looking at the media, one media is saying, “This is the end of the Earth. We’re all going to die.” The other side is saying, “This is nothing. It’s just a passing whim.” There are some really, really extreme points of view out there with information. What are you seeing on that front?
You’re absolutely correct. As we all know, we’re in a polarized society perhaps as we’ve never been before. So far it’s been political polarization, which while disturbing, we all have learned to live with. We’re all, unfortunately, getting our news from sources that I refer to as echo chambers. We tend to hear only what we want to hear, and it confirms and affirms what we want to believe.
My fear is that we’re moving from political polarization to polarized pandemic response. That’s really dangerous.
The problem now is my fear that we’re going to move from political polarization to polarized responses to a pandemic. That’s really dangerous. What I don’t want to see is two Americas where one group of folks—because of their political leaning—is buying into, let’s say, the hoax theory that this isn’t as bad as it is, the virus isn’t that bad, we should all be out and about. Then we see other people saying, “No, I tend to get my news here. I think this is far more serious. I’m staying home.”
We literally don’t want to move into two societal responses to a pandemic. Because I’m a national security guy and spent 25 years at the FBI working counter-intelligence and eventually heading counter-intelligence, I’m attuned to the foreign influence to try and polarize us.
Even the US State Department has already had a release of information saying that Russia is already exploiting the coronavirus, and trying to divide us, trying to spread disinformation. We’re seeing some ugly, ugly things, whether it’s foreign-based, or whether it’s certain hate groups, and domestic groups.
People have sent me things saying, “Hey, this religious group is responsible for the coronavirus” and “This ethnic group did this to us.” “These two countries are combining to secretly spread the virus.” All of this is utter nonsense, but it plays on our biggest fears, our existing animosities toward certain groups that might exist, our prejudices, racism. We’ve got to call this out and pay extra attention. Don’t be afraid to block and report whatever you see come across your screen that looks like it is just dangerous propaganda.
I’ve definitely seen the effects of that on people of certain ethnic groups being assaulted and being harassed out in public because of some of the rhetoric that’s been used and some of the news coverage as well, such as, “It’s this ethnicity’s fault.” What I’ve seen in human nature is that when there’s something really scary that we don’t understand, it’s a lot easier to blame something that we can identify than to say, “I’m out of control. There’s nothing I can do about this. I just have to wait.” It’s always easier to believe the conspiracy than to believe that sometimes, Mother Nature just does some really mean stuff.
You hit it right on the head. It goes to the heart of not only scams and cons but into how foreign intelligence services work. Humans want simple solutions to the scariest, most complicated problems. It’s simple to say, “It’s their fault.” It’s simple to say, “We’re all going to be back at it, full-blown in the economy in two weeks.” It’s simple, it’s hopeful. We want to embrace it because getting there is so hard. The planning, the strategizing. “I hope we’re out and about and the economy’s fully restored in 2-3 weeks.”
The medical people are saying, “No.” It’s going to be a complicated strategy to get us there. We’re going to have to get really into the weeds on data, and analyze what the hotspots are, and who may or may not be able to travel from where or when. We may even get into sophisticated testing of who’s already got antibodies indicating they are safe from the virus now. This is complicated stuff that won’t happen in two weeks. People want to embrace simple solutions.
The same thing happens on the scam side. When you click on something that offers you that simple explanation or solution—you’re probably making a mistake.
This is just one of those situations where you’ve got emotion, urgency, panic, health, and fear on a worldwide scale. It’s just the ultimate opportunity for scam artists.
Those of us in law enforcement call this a target-rich opportunity for the bad guys. We’ve got to make ourselves harder targets for them.
In general, where should people be going for information on coronavirus, government response, and programs?
It’s smart now—if you haven’t already—to subscribe to the known, well-established, vetted sites. The Centers for Disease Control, the World Health Organization, which, by the way, recently put out the 12 Myths About Covid-19. They’re going to do this on a continual basis. There’s a reference in my recent article at NBC Think where you can click on the link to the WHO site.
The World Health Organization, CDC, Johns Hopkins University have good private-sector-driven data. Also look into the medical experts for your state because, more than ever before, this is a state and county response. It’s designed that way. Hook up with your county health department, your county medical director, your state medical director. Rely on those people and those offices for what’s happening in your locality. Stay away from all else.
Frank, thank you so much for taking the time to come on and share your expertise with us. If people want to learn more about you and hear about what you’re saying, how can they get ahold of you?
I’m at Twitter: @FrankFigliuzzi1. I’m posting daily. You can check me out—sometimes several times a week—as a National Security Analyst on MSNBC and NBC. Increasingly, I’m writing on these topics for everything from the New York Times to NBC Think.