Avoid Fraudulent Attempts During a Crisis

As cybercriminals become more daring, business leaders should be aware of these five common fraud scams. 

One of the many adverse effects of the coronavirus pandemic is the emergence of opportunistic fraudsters looking to take advantage of business owners who may have shifted focus as other concerns take precedence. The shift of day-to-day work functions into home offices has also provided additional opportunities for cybercriminals' lawless behavior. And these individuals are getting more aggressive: In early April, the FBI warned of an increase in business email compromise scams, some targeting business leaders in search of PPE or other protective supplies.*

Fighting fraud is a never-ending battle, even in this time of uncertainty. Now more than ever, it's important to keep best practices top of mind. To help keep your business and your employees safe online, we're revisiting some of the most common scams and offering tips to prevent them.

Email fraud

In the first three months of 2020, the Federal Trade Commission received almost 12,000 COVID-19-related complaints, more than half of which were related to fraud.** The IRS warns that with forthcoming stimulus benefits comes the risk of fake emails from the IRS or other government entities, requesting financial information. Remember to also watch out for fake emails impersonating executives and management. Finally, make verifying requests for wires and transfers part of your standard practice. 

Email fraud

Email fraud encourages recipients to click on a link or reply with personal information, which can leave an entire company vulnerable. The most common email scams appear to come from senior officers within your organization or from vendors you regularly do business with. This can make them difficult to differentiate from legitimate emails. Stay vigilant. If you see something that doesn’t look or feel right, call the person who sent you the email and verify their request. 


When crises or emergencies happen, phishers feel empowered to exploit the situation. Cyberattackers are posing as reputable organizations or government sources to send COVID-19-related messages. Criminals may also claim to be company leaders affected by the disease and ask to redirect payments.*** Phishers ultimately aim to steal email credentials, other private information or funds. If an email looks even mildly suspicious, err on the side of caution and don't open it.


Phishing is when hackers and fraudsters impersonate legitimate businesses to trick you into revealing your personal information or login credentials through hyperlinks in an email or text message. This tactic is common because it’s easier to trick someone into giving out information than to break through their device’s defense systems. Be wary of unsolicited requests for personal information, and don’t click on links in emails or text messages that you don’t recognize.

Social engineering

More than two-thirds of security experts have observed a jump in cyberattacks since the beginning of the coronavirus outbreak, and 95% say IT security issues have increased due to working-from-home conditions.**** Social engineering can take the form of deception on social media, a text message or a targeted phishing attack. Encourage the use of multi-factor authentication and work with your IT team to ensure your systems are equipped with the most up-to-date safeguards.

Social engineering

Nearly every cyber attack involves social engineering. Cybercriminals use psychological manipulation to trick you into giving up sensitive information. This is usually achieved through illegitimate email offers or impersonating IT callers. Verify the source of any request and never give out personal, financial or company information unless you are sure who is on the receiving end.  

Password theft

Your business may be leveraging more online tools (like video conferencing) to get through this period of social distancing. More passwords are being used, presenting more opportunity for password compromise. It's essential to stay vigilant right now, and this may mean urging employees to update passwords more frequently using unique passwords with stronger credentials.

Password theft

Password theft occurs when hackers acquire username and password combinations on less secure sites and use those credentials to make purchases, borrow money or take advantage of a business. But here’s the good news: Strong password security protects your individual employees and the whole company. Follow company best practices by creating strong, unique usernames and passwords for every online account.

Card skimming

While you might not be getting gas as frequently or shopping in locations prone to card-skimming schemes, you may still be at risk. E-commerce websites are susceptible to hackers who can attack vulnerable sites with malicious code designed to capture credit card information. Make sure you are using an encrypted form or secure website to enter any financial details. Better still: Use a third-party payment system when possible, which provides an additional layer of security.    


Skimming is when a thief places a portable and hard-to-detect device over a credit or debit card scanner, such as an ATM or gas pump reader, that intercepts your information as you swipe. Later, the thief retrieves the device and gains access to your account. Watch for misalignments in the card reading slot, or partially covered stickers or text. If possible, compare with card-reading slots nearby to make sure it looks the same. And if it seems out place, don’t use it. 

* "Coronavirus Worries Allow New Scams To Take Hold," Forbes, April 21, 2020. 

** “Coronavirus Stimulus Check Scams, Fraud, Identity Theft Warning: Safety Tips From IRS as Millions Await Payment," Newsweek, April 13, 2020. 

*** "FBI: COVID-19-Themed Business Email Compromise Scams Surge," Information Security Media Group, April 7, 2020.

**** "A Perfect Storm: The Security Challenges of Coronavirus Threats and Mass Remote Working," Check Point Software Technologies, April 7, 2020.


Want to explore more topics?

Branch Banking and Trust Company, Member FDIC.

New York City residents: Translation or other language access services may be available. When calling our office regarding collection activity, if you speak a language other than English and need verbal translation services, be sure to inform the representative. A description and translation of commonly-used debt collection terms is available in multiple languages at www.nyc.gov/dca.

Branch Banking and Trust Company is now Truist Bank. Learn more.

BB&T and SunTrust have merged to become Truist. Both institutions will continue to offer independent product lines for a period of time. This may include differing underwriting guidelines, product features, terms, fees and pricing. Our friendly teammates at your local SunTrust branches will be happy to walk you through their respective products. You can also learn more by contacting them at 800-SUNTRUST or SunTrust.com.

BB&T Complete Client Protection

about Truist Bank