FICO’s advice on six types of Covid-19 scams

At FICO, part of the core mission is to keep people safe from fraud. It has therefore identified the 6 Types of COVID-19 scams the public should watch out for:


With phishing, bad actors use malicious emails that are disguised as legitimate to trick people into providing sensitive information or taking potentially dangerous action. This could take the form of an email that appears to be from a well-known company, like your bank, and may ask you to open an attachment with malicious software or call a fake customer service number.

There is also spearphishing where fraudsters perform a very targeted attack on a researched person or organization. For example, you may receive an email that appears to be from a family member requesting that you transfer money right away.


Vishing is like phishing, but over the phone. Criminals take the same strategy and deploy it via phone calls. These attacks have become more sophisticated over the years.


Smishing is similar to phishing but is executed through text messages. Earlier this year, many received a text message they thought was from FedEx, but instead came from bad actors directing recipients to enter direct debit instructions.


Pretexting entails someone contacting you and lying about who they are to trick you into giving them something they want. Beware of people claiming to be part of reputable organizations, like research firms or government agencies, asking you for personal information like bank card numbers.

Fake Profiles

There are fake profiles being set up on social media, often with connections you recognize, that will contact you and attempt to trick you into taking an action that benefits them. After making it appear that they know you, a fraudster may message you asking for money or personal information on social media. This can also take shape as a romance scam, where the criminal creates an enticing fake profile and builds a relationship with their unsuspecting victim.

Quid Pro Quo

Quid pro quo scams offer a benefit to the victim in exchange for information. Studies have shown that people have given away their passwords for small gifts, such as chocolate, which is a trick fraudsters also employ.

How to Protect Yourself – FICO tips

Always confirm requests through another channel that you know is legitimate. Fraudsters create a sense of urgency so that you won’t have time to think about your response or check it out. There is typically a time-sensitive request that immediately needs you to take some type of action. For example, this could be a message from your “boss” that says if you don’t wire funds to a client in the next hour, an important account will be lost.

Watch out for “fun” requests for information. Criminals have got savvier and have created ways to make their information gathering seem like a fun activity. This sometimes takes the form of an online game or quiz that asks for information — the same kind of information can also be found on identity verification questions.

You may not think you would fall for this, but have you ever taken an online quiz that asked what your favorite sport is or where you holidayed at the turn of the new year?

Be cautious about the information you share online. Fraudsters can use the information you freely share to take over your identity or use it to aid them in convincing you that they are someone close to you. Post only information you are comfortable with the entire world having access to and be especially guarded about personal information. Additionally, update your privacy settings on social networks to restrict access only to people that you trust.

Do your research. If you are skeptical about a communication you receive, use your favorite search engine to search relevant terms. Depending on the situation, you could search for the company, product, or situation plus terms like “review”, “scam” or “complaint” to see what others are saying.

Leverage technology to regularly monitor your bank accounts. Set payment thresholds and low balance notifications, so that you are aware of sudden changes or unexpected charges to your accounts.

Use a different password for each account and enable multi-factor authentication where available. Utilize a random password generator and a password manager to increase the difficulty fraudsters have in gaining access to your various accounts. Many accounts now offer the ability to set up multiple steps in authenticating that the person logging in is who they say they are. Enable this capability so that additional measures are taken. These methods could include things like providing a PIN, a number distributed via text message or a biometric identifier.

What to Do If you’ve Been a Victim of a Scam

Don’t panic. It can be extremely distressing to be a victim of a scam. Try to remain calm. Take steps to stop the fraudster in their tracks and find out if any remediation is available.

Report the scam immediately. People sometimes feel hesitant to report a scam because they feel embarrassed about being taken advantage of, but the sooner the scam is reported, the sooner steps can be taken to reduce the damage and stop it from happening to other people. In the UK suspected fraud should be reported to Action Fraud UK.

Monitor your credit report

Check your credit report for any unusual activity.

Liz Lasher, Vice President of Fraud, Financial Crime and Cyber Risk Portfolio Marketing at FICO