Running a successful tax and accounting firm requires staying on top of an ever-changing flow of information. New tax laws, software updates, due diligence requirements, and data security all compete for your attention every year.
New legislation can have month- and year-long lead times, but new phishing scams seemingly pop up every single day. That’s largely due to the ambulance-chaser mentality of the identity thieves who use them. Anytime there is an event involving the exchange of money—from online sales to natural disaster relief—criminals try to get in on the action.
As you might expect, the COVID-19 pandemic has seen its fair share.
The Federal Trade Commission this week warned of yet another phishing scam involving the global pandemic. According to the agency, criminals have been trying to “sell” vaccines and vaccine registrations with online ads, emails, instant messages, and phone calls.
Regardless of how legit an email or Facebook ad might look, the FTC points out that COVID vaccines are not available for purchase online, and vaccine recipients “don’t have to pay out of pocket … before, during, or after [their] appointment.”
Since phishing can sometimes be hard to spot at first glance, the FTC put together the following list of tips that should inoculate you and your clients from COVID vaccine scams:
- Ignore online ads, social media posts, or phone calls from people offering to sell you the COVID-19 vaccine. You can’t buy it — anywhere. The vaccine is only available at federal- and state-approved locations.
- Don’t pay to sign up for the vaccine. Anyone who asks for a payment to put you on a list, make an appointment for you, or reserve a spot in line is a scammer.
- Don’t pay out of pocket for a vaccine — not before, during, or after your appointment. That’s either a scam or a mistake. If you’re insured, the vaccination site might bill your insurance company for an administration fee. If you’re not insured, there’s a fund set up with the Health Resources & Services Administration (HRSA — part of U.S. Department of Health and Human Services) where sites can recover their administrative costs. Either way, though, they’re not supposed to bill you or charge a co-pay.
- Never share your personal, financial, or health information with people you don’t know. No one from a vaccine distribution site, health care provider’s office, pharmacy, or health care payer, like a private insurance company or Medicare, will call, text, or email you asking for your credit card or bank account number to sign you up to get the vaccine. And remember, you’re not required to give your Social Security number to a vaccination site. You shouldn’t be turned away.
- Contact a trusted source for information. Check with state or local health departments to learn when and how to get the COVID-19 vaccine. You can also talk with your health care provider or pharmacist.
- Don’t post your vaccination card to your social media account. Your vaccination card has information on it including your full name, date of birth, where you got your vaccine, and the dates you got it. When you post it to Facebook, Instagram, or to some other social media platform, you may be handing valuable information over to someone who could use it for identity theft.
As cliché as it might sound, knowledge is power. Knowing the signs of phishing scams—whether generally or for specific grifts—is generally the best way to keep your personal information and business database out of the hands of identity thieves. (Well, that and remembering to NEVER CLICK LINKS IN EMAILS!)
So, make sure to spread the word to your employees and clients about this latest COVID scam—then remind them to report suspicious emails, phone calls, and social media messages. Follow the instructions on IRS.gov for reporting tax-related phishing scams, and visit ReportFraudFTC.gov for most everything else.
Source: “COVID vaccines are FREE!,” FTC.gov