NEWS
COVID CONS
TIPS TO PROTECT YOUR PHARMACY
Fraudsters are targeting small businesses using coronavirus relief efforts
• Don't ever give passwords or personally
T
• Always verify the email address of the sender.
he economic stimulus programs during the pandemic buoyed small businesses as the economy faltered, but the
relief packages also introduced new opportunities for criminals looking to game the system. Acknowledging that we are "facing unprecedented times," the US Small Business Administration
(SBA) sent out a warning to small businesses alerting them to
identifiable information in response to an unsolicited call, letter, or email.
Many false emails will have a single misspelling, like an extra letter or an extra ".com." (All SBA inquiries will end with @sba.gov)
• Never click on links or download attachments from senders you do not know.
fraud schemes related to the coronavirus relief loans: "Fraudsters
• If you are taken to a website, verify the URL.
have already begun targeting small business owners during these
• Avoid untraceable payment methods, such as
economically difficult times. Be on the lookout for grant fraud, loan fraud, and phishing."
The targeted online scams using coronavirus relief efforts typically
manifest as phishing emails. Phishing emails appear to come from a trusted source, and they will seek to get payments, personally identifiable information, banking access, or sometimes contain ransomware in links or attachment downloads. For example, the email might use an SBA logo requesting your personal information for your loan application. Some may promise to get approval for an SBA loan but require payment upfront or offer a high-interest bridge loan. Sometimes, even clicking on a link in the email is enough to grant criminals access to sensitive information or allow them control over data and devices. They will use victims' information for identity theft and financial theft, or they can sell the information to others for a high price. With the coronavirus, the stolen information has been frequently used to apply for PPP loans and Economic Injury Disaster Loans, as well as unemployment benefits.
One con took victims to a fake SBA website requiring them
cash, prepaid debt cards, or cryptocurrency.
• Use cybersecurity software. • Include warning banners for all emails external to the organization.
• Limit employee access to data and information. • Train employees. All it takes is one click from one employee to jeopardize your whole pharmacy.
• Don't respond to emails about 7a or Disaster
loans—the SBA does not initiate contact for these.
• Do the math on the fees for loan processing.
Here is what the SBA charges: 3% for loans $50,000 or less and 2% for loans $50,000 to $1,000,000 with an additional ¼% on amounts over $1,000,000. If the fees are higher, suspect fraud.
• Sign up for CISA's free vulnerability scanning and testing services.
to use credentials to log in, which the fraudsters then stole. The email was from disastercustomerservice@sba[.]gov with a subject line that read "SBA Application – Review and Proceed" and a
RED FLAGS
message that urged recipients to click on the link. The website
• Offers sounding too good to be true
mimicked the SBA's almost exactly, so business owners were
• Promises to speed up loan acceptance
none the wiser. Astute users would have spotted the brackets
• Offers of bridge loans
in the email address and a shady URL on the website, but other than those subtle red flags, nothing else indicated foul play.
These scams have become sophisticated enough to imitate
very specific businesses you have relationships with, like vendors. Many of them will use some coronavirus spin, such as offering or helping with loans or grants, warning that you've been compromised by another scam, or even asking for donations. Pharmacies should be alert and become familiar with signs of fraud and should have protocols in place to protect the business. We've put together a couple of lists to help.
6
pbahealth.com/elements
• Demands for upfront payment • A ny message with urgent or time-sensitive requests or threats • Emails or texts from official government organizations • Requests to click on links or download attachments • Messages with poor spelling and grammar • R equests or demands to confirm or update personal information • M essages claiming there is a problem with your account • E mails with invoices you don't have record of or weren't expecting
