According to the FBI, fraud and cyber crimes are on the rise during the COVID-19 pandemic. We have compiled information from trusted sources to help you protect yourself at this time. If you scroll to the bottom of this page you will find additional links to additional information and resources.
Please note that Coconino County Treasurer’s Office will never contact you asking for financial information.
What is it: Cybercriminals access your email through phishing scams, website breaches, malware, or simply guessing your username and password. They access your personal and financial information by combing through your emails or they commit payment fraud using your email address.
What can you do: You need to protect yourself from (1) having your email hacked and (2) from falling victim when someone you know has their email hacked. Remember, bank account information doesn’t change very often, so be on high alert if you receive any email asking for a change in bank information.
- Protect yourself from an email hack. Use strong usernames and passwords, and change your password regularly. Keep information in a secure space and do not share it with others. Install and use anti-virus software.
- Protect yourself when someone has had their email hacked. Keep an eye out for changes in email formats, such as font changes, salutations, bad grammar, spelling errors, and poor sentence structures. If the sender is creating a sense of urgency and pressuring you to bypass controls, follow up with a verbal confirmation. Never give into changing dual controls and office procedures as a result of an email request.
What is it: An attempt to mimic, or spoof, a valid email address to trick individuals into believing it is from a trusted source.
What can you do: Slow down and examine emails very closely. It may appear at first glance to be from someone you know, but when examining more closely the email address may not be accurate. For example, @coconinoaz.gov can appear similar to @coconino.az.gov, and email@example.com can appear similar to firstname.lastname@example.org. Always confirm any changes with verbal confirmation. This is the safest way to protect yourself from falling victim to any email fraud. Remember, bank account information doesn’t change very often, so be on high alert if you receive any email asking for a change in bank information.
What is it: A transaction that results in payment to a cyber criminal. This includes (1) ACH and Wire Fraud, (2) Check Fraud, (3) Credit Card Fraud and (4) Skimming Fraud.
What can you do: Payment fraud of all types are on the rise. Below are specific strategies for each type of payment fraud.
- ACH and Wire Fraud. Remember, bank account information doesn’t change very often, so be on high alert if you receive any email asking for a change in bank information. Place dual controls on accounts if possible. Install and maintain antivirus software.
- Check Fraud. Implement positive pay if it is available. Safeguard your incoming and outgoing mail as fraudsters will attempt to access any mail that appears to have a check in it. Reconcile your monthly statements ASAP and look for any suspicious activity. Pay bills online to reduce your check volume in circulation. Keep your check stock locked up at all times. Never give your account or bank information to someone you don’t know.
- Credit Card Fraud. Report lost or stolen credit cards immediately. Treat all cards as they were cash and protect them appropriately. Never use the same PIN for multiple cards, and do not store the PIN with your credit cards. Always check your transaction history and verify amounts of purchases. Report any suspicious activity immediately.
- Skimming Fraud. Be aware of your surroundings and leave immediately if you notice anything suspicious. ATM and gas pumps are most at risk for skimming machinery. Inspect any machine and do not use if there is any indication a skimming device is attached to it, such as old tape, loose or cracked PIN pad, or glue residue. Monitor your accounts for any suspicious charges or withdrawals.
Mobile Device Takeover
What is it: When fraudsters take over your mobile device without having to steal it physically. Also known as "phone hijacking" or "SIM swap attack".
What can you do: There are a number of things you can do to protect yourself. Below is a helpful checklist.
- Spot fraud by paying close attention to any disruptions in cell phone service, such as not receiving text messages and phone calls. Contact your mobile provider immediately if you notice any disruptions in service.
- Add layers of verification such as a verbal password to your mobile service account. Enable multi-factor authentication for all online accounts if offered. Protect all mobile devices and tablets with fingerprint or facial recognition technology.
- Protect your identity at all times. Avoid using the same PIN on all of your devices. Verify callers before providing any personal information. Unsure if the call you received is from the business they say they’re calling from? Hang out and call the business on a known number.
- Reset old phones to its factory settings before trading in old devices.
What is it: A criminal impersonates someone you know and trust by contact via phone, email, fax, or postal mail and submits a false invoice or requests a change to vendor payment instructions. Also known as Business Email Compromise (BEC). Impostor fraud is difficult to detect because transactions made on your account are consistent with regular payments and are made by yourself or authorized personnel.
What can you do: Below are a few strategies for protecting yourself. You can also click here for an impostor fraud protection checklist created by Wells Fargo.
- Verbally verify of any changes to payment instructions you may have received. Make sure you call a known business number to verify requests. Be weary for any "call back" numbers included on requests if they do not match contact information on file.
- Check for red flags such as high degree of urgency, keeping the payment confidential or avoiding approval from supervisors, changes in contact information from what is on file, and changes to individual beneficiary instead of commercial beneficiary information. Remember, bank account and routing numbers do not change very often.
- Utilize dual custody appropriately and ensure that all information is verified, not just rubber stamping payments.
Wells Fargo has created a one stop site for fraud protection. Click here to access the site. Highlights include:
- Six Ways to Protect Yourself and Your Company Online
- Best Practices for a Company’s Cyber Health
- Impostor Fraud Protection Checklist
FBI has created a dedicated website to protect individuals and families from crime during COVID-19 pandemic. Click here to access their website. Highlights include: