Scammers are taking advantage of the fear and uncertainty surrounding the COVID-19 coronavirus. Some of the most common scams are described below. It is best to rely on official government and other reputable websites for information. For U-M updates and information, see:
Phishing and Scams Targeting U-M
U-M is sometimes the target of COVID-related phishing email or scams that use stolen U-M graphics or branding, and/or impersonate well-known members of the U-M community. Besides checking the Campus Maize & Blueprint for up-to-date information, you should also:
- Always look at the URL of any website before logging in with your U-M credentials. The real U-M Weblogin site is https://weblogin.umich.edu. If you are already authenticated, going to Weblogin should take you to Wolverine Access.
- Follow the advice in the Phishing & Suspicious Email section of Safe Computing.
An example of a UM-specific phishing email paired with a fake login site can be seen here. Examples of other phishing email can be seen in the Phishes & Scams section.
Fake Contact Tracing
Some scammers have pretended to be contact tracers, attempting to profit off of confusion around contact tracing to steal your identity, money, or both. Check out this information from the FTC to help you tell the difference between real contact tracers and scammers: Help COVID-19 contact tracers, not scammers (FTC).
Fake Test Results at U-M
Back in March 2021, we had a report of a student at U-M receiving fraudulent email claiming that their COVID-19 test results are available. The university is using the LynxDx company for its weekly COVID-19 testing. See COVID-19 Sampling & Tracking Program for details about receiving test results. Check the ResponsiBLUE app for the status of your test. You will receive email from LynxDx 48–72 hours after your test letting you know your results are available. To see the results, you need to create and check an account at lynxdx.health. Carefully examine any email you receive about test results. Hover over links with your mouse on a computer (or press and hold on a smartphone or tablet) to see the actual URL. Do not follow links that go somewhere other than lynxdx.health for U-M COVID-19 test results.
Fake Testing and Medical Supplies
Some scams involve offers of free or discounted coronavirus testing. Offers of tests sold by phone and email are not reliable. Ccontact your county's health services for information on testing in your area. Other scammers have offered personal protective equipment (PPE), thermometers, and other medical supplies that are of poor quality, offered at a price-gouging premium, or that never arrive.
Fraudulent Cures and Treatment
According to the Federal Trade Commission (FTC), "There currently are no vaccines, pills, potions, lotions, lozenges or other prescription or over-the-counter products available to treat or cure Coronavirus disease 2019 (COVID-19)—online or in stores." Any website or email that claims otherwise is a scam.
Fraudulent Requests for Donations
If someone wants donations in cash, by gift card, or by wiring money, don’t do it. See the FTC's How to donate wisely and avoid charity scams.
Identity Theft: Don't Share Your Vaccine Card on Social Media
Some people are so happy and relieved to get the COVID-19 vaccine that they immediately share a photo of their vaccination card on social media. Unfortunately, that gives scammers access to your name, birth date, and the location where you got the vaccine. That information can be used for identity theft.
Identity Theft: Fake Stimulus Checks and Covid Relief Grants
Watch out for calls, texts or emails—supposedly from government agencies—that tell you to click a link, pay a fee, or "confirm" personal data like your Social Security number to secure your stimulus check or other econimic relief payment. Another common con comes via social media, in scam Facebook messages that promise to get you "COVID-19 relief grants."
Insurance and Medical Billing Scams
A number of scams involve offers of insurance, frequently using phone calls that pressure the recipient by referring to the coronavirus outbreak. These scams may attempt to obtain personal information or payments for the fake insurance. Another fraud involves calls or texts claiming that a friend or family member has been hospitalized for COVID-19 and that you need to pre-pay their medical bills for them to receive treatment. Do not rely on caller ID, which can me faked, check out the Phone Scams and Voice Phishing page for tips on spotting fake calls.
Job Offer Scams
Be wary of unsolicited emails offering part-time jobs related to the coronavirus pandemic. These are scams designed to trick you out of you money, personal information, or both. These are a variation on fake job offers we have seen at U-M in the past (IA Notice: Student part-time job scam, 11/26/18).
Malicious Tracking Maps
Attackers are circulating links to malicious websites disguised as COVID-19 maps on social media and through misleading emails. When you visit one of these sites, you may be prompted to install an applet. The applet then infects your device with malware that steals data such as login credentials and banking information. Do not install unknown apps, applets, .exe files, or other files when prompted to do so by a website.
Stick to verified COVID-19 tracking maps, and double-check the URL of linked websites before clicking. See a list of legitimate sites in the box above.
Misinformation
Misinformation email specific to U-M, including email impersonating faculty or staff, has been reported to Information Assurance. An example of such email can be found in a vaccine misinformation phishing alert on Safe Computing.
Beware of emails and social media postings that claim to be from experts. For the most up-to-date information about the coronavirus, visit the Centers for Disease Control and Prevention (CDC) and the World Health Organization (WHO).
Phishing
The U.S. Secret Service has reported a number of phishing scams related to the virus, and the media frequently report new ones.
- People may receive a phishing email claiming to be from a medical/health organization that links to fraudulent sites where people are asked to enter their email, password, and other identity information. The attachments contain malware.
- Some malicious actors are sending phishing emails claiming to be from a local hospital, telling the recipient they have been in contact with someone who has tested positive for COVID-19. The recipient is asked to open a attachment for a form to take to an emergency clinic. The form contains malware.
Do not open unsolicited, unexpected attachments and shared documents! Instead, look up the number for the alleged sender and contact them via phone to confirm the email and the enclosed information. Learn about phishing at Phishing & Suspicious Email.
Text Message and Robocall Scams
The Federal Communications Commission has received reports of scam and hoax text message and robocall campaigns offering fake home virus test kits, bogus cures, and more. Police departments from Maine to Florida warned of a text message scam in which the recipient gets a text saying someone they came in contact with has tested positive or shown symptoms for COVID-19, recommending self-isolation, and providing a link for more details. Do not click links in unexpected texts from numbers or people you do not know. Do not accept phone calls from numbers you do not recognize. Learn more at Text Message (SMS) Scams—Smishing.
Media Articles and Web Resources
- Beware of Robocalls, Texts and Emails Promising COVID-19 Cures or Stimulus Payments (AARP, last updated 5/18/21)
- Seriously, stop sharing your vaccine cards on social media (CNN, 3/18/21)
- The Better Business Bureau is warning people not to post their Covid-19 vaccination cards on social media (CNN, 2/1/21)
- 'DO NOT click the link'; Police warn of scam COVID-19 text messages (ABC–WJLA, 4/16/20)
- Americans have lost $13.4 million to fraud linked to Covid-19 (CNBC, 4/15/20)
- COVID-19 scam reports, by the numbers (Federal Trade Commission—FTC, 4/15/20)
- Scammers look to steal your stimulus check (CNBC, 4/14/20)
- Law enforcement facing onslaught of coronavirus scams that could last for years (CNN 4/14/20)
- COVID-19 phishing and scams at U-M (ITS IA notice, 4/10/20)
- FBI Urges Vigilance During COVID-19 Pandemic (Federal Bureau of Investigation—FBI)
- Scammers are taking advantage of fears surrounding the Coronavirus (FTC)
- Economic Impact Payment Information Center (Internal Revenue Service—IRS)
- BBB Tip: Top 6 coronavirus scams reported by BBB (Better Business Bureau, 4/3/20)
- Herbs. Silver. Salt. Toothpaste. As coronavirus fears rise, marketers pitch remedies. (The Washington Post, 4/1/20)
- Phishing Attack Says You're Exposed to Coronavirus, Spreads Malware (Bleeping Computer, 3/29/20)
- Feds: Virus frauds spread, preying on Medicare recipients (AP News, 3/23/20)
- Virus outbreak means (mis)information overload: How to cope (AP News, 3/22/20)
- Scammers use robocalls to falsely offer free coronavirus test kits and low-priced health insurance (CNN, 3/20/20)
- Online scammers target vulnerable Internet users during coronavirus outbreak (ABC News, 3/18/20)
- Russia deploying coronavirus disinformation to sow panic in West, EU document says (Reuters, 3/18/20)
- The Internet is drowning in COVID-19-related malware and phishing scams (ArsTechnica, 3/16/20)
- Hackers are using these fake coronavirus maps to give people malware (Business Insider, 3/12/20)
- Warning: You Must Not Download This Dangerous Coronavirus Map (Forbes, 3/11/20)