Jump to main content


Pandemic Scams: Steps to Keep Safe

The uncertainty surrounding the coronavirus pandemic has created more opportunities for scammers, hackers, robocallers, and other fraudsters. This article explains some of the risks and how to avoid them.
Pandemic Scams


Many of us have been awaiting stimulus deposits or checks from the CARES Act. Millions of Americans have filed new claims for unemployment benefits in the last two months. Many businesses are navigating complicated guidelines for PPP loans. Some of us are using mobile banking services for the first time. So when you see an email or receive a phone call from someone who claims to be a bank or a government official, it’s almost impossible to ignore.

In addition, with so many people being required to work from home, our personal and work networks and devices have become more attractive targets for hackers looking to infiltrate businesses or your personal accounts.

And recently, an alarming increase in false unemployment claims have been reported, with Washington State appearing to be hardest hit with hundreds of millions in fraudulent claims reported so far.


For starters, simply follow recommendations for keeping safe online. In addition, the Federal Trade Commission issued a warning and safety tips, advising people to not respond to emails, texts, or calls from those claiming to have information about checks from the government, among other schemes.


This “imposter fraud” scam emerged in early May and seems to have hit Washington residents first and hardest. In a nutshell, the fraudsters appear to have social security numbers and other personally identifying information they are using to set up new accounts to file new claims for unemployment with the Employment Security Department (ESD). So that means you’re most vulnerable to this scam if you have never filed an unemployment claim before. Therefore, you should create/claim your ESD account as soon as you can.


The Seattle Times published a good article with clear, succinct recommendations on steps to take if you have been a victim of this crime. Here’s a recap:

  1. If you work for someone else, tell your employer you received a fraud notification from the Employment Security Department. Your employer will then report that to the ESD. Businesses can report fraud in bulk if they have multiple employees who are fraud victims, and that helps investigators clear cases in bulk.
  2. Report the fraud to ESD either online or by phone at 800-246-9763. You'll be asked to provide the last four digits of your social security number, your birthday, and a brief description of how you found that an imposter fraud claim was filed.
  3. Report the fraud to additional agencies, including your police department, the Federal Trade Commission or the Attorney General's Office.
  4. Check your credit report for any unfamiliar accounts or changes.



Many of us have anxiously turned to the web to search for information and to purchase items that are difficult to find or buy in-person. Fraudsters are trying to capitalize on our behavior by creating fake websites to collect your personal information and gain access to your finances.

Here are a few tips to protect yourself from fraudulent websites:

  • Check the website’s URL. A phony site may look identical to a government or banking website, but the domain name in the address bar is a giveaway of a fake. Click on your address bar and look for domains ending in “com.co,” “.ma” or “.co” instead of more legitimate domains like “.com,” “.org” or “.gov.”
  • Install an ad blocker. To prevent your browser from loading a shady ad seeking your personal information, you can download an ad-blocking extension for your browser.

Scam callers, often called robocallers, often appear as "Unknown" or "No Caller ID." Increasingly, these scammers  “spoof” phone numbers, manipulating phone networks to ring your phone from numbers they aren’t actually calling from — including digits that belong to your bank or a government agency. If they get through to you, they use a number of tricks to try to get you to share personal information. They do their homework on you and adapt to your responses.

 So here’s what to do:

  • Hang up the phone and call back. Telemarketers and robocallers have been a nuisance for years, but now more than ever, we should be wary of any call from a business or an organization. If, for example, your bank calls with a fraud alert, hang up and call the customer service number on the back of your credit card and ask your bank whether it truly tried to call you.
  • Remove businesses from your address book. A saved entry in your address book could give you false confidence that a call is legitimate. Let’s say you have Citibank’s support number saved in your address book and labeled it “Citibank.” If a fraudster spoofed Citibank’s support number and called you, your smartphone would show that a call is coming in from Citibank. It’s best to delete these phone book entries so scammers don’t catch us off guard.

Phishing, in which a scammer impersonates someone to ask for your personal information, is one of the oldest internet scams. But it still happens because it works.

Fraudsters have adapted to the ever-changing news cycle in the pandemic. In emails and texts, they have worn several disguises, pretending to be the World Health Organization, the Centers for Disease Control and Prevention, the Internal Revenue Service, and more. Their emails and texts purport to have information about the virus or how people can get financial assistance. But their messages frequently contain links to websites asking for personal information, or they download files containing malware.

 Here’s what to look out for:

  • Check the sender. Similar to fake websites, fraudulent email addresses will look like legitimate ones but often be off by a character or two. Similarly, scam texts tend to come from phone numbers with more than 10 digits.
  • Check — but don’t click on — hyperlinks. In most email programs, you can use your mouse cursor to hover over a link and see a preview of the page it will open. If the link looks suspicious, mark the email as spam and delete it.

In a text, avoid clicking on links from unknown senders — and don’t respond.


What’s unique about the pandemic is that millions of office workers are working from home. That means the attacks on our companies are increasingly being directed at us at home. Hackers trying to steal information from a business might look to attack our personal email accounts or home networks.

The onus is on us to follow some best practices to protect our employers’ data security in addition to our own, he said.

 Those steps include:

  • Check your network security. Like computer operating systems, Wi-Fi routers need security updates. Check the instruction manual for your router to log in to the settings and confirm if it’s running the latest version of its firmware, or software system. If your router is more than seven years old, it probably no longer gets security updates, so your best bet is to buy a new router. Obvious but also important: Make sure your router has a strong password.
  • Keep work and business tech separate. To work from home, employees may be tempted to start using their own tools, like their computers, personal email addresses, and messaging apps. However, your equipment and apps were probably not set up to protect your company’s network security. Therefore, it’s best to do work on company-provided equipment, internet accounts, and software. If you lack a tech tool you need for work, make a request to your I.T. department.

All of the precautions above may sound complicated, but if in doubt, turn back to something you learned in childhood and add a twist: Never talk to strangers, especially when they ask for your personal information.