Hari Ravichandran is the CEO and founder of Aura, with over 40 approved or pending technology patents to his name. He was recognized by Forbes magazine as one of the most powerful CEOs 40 and Under in 2014 and 2015. Hari holds an MBA from the Wharton School at the University of Pennsylvania and a BS in Computer Engineering from Mississippi State University.
Jory MacKay is a writer and award-winning editor with over a decade of experience for online and print publications. He has a bachelor's degree in journalism from the University of Victoria and a passion for helping people identify and avoid fraud.
The COVID-19 pandemic has fueled a fraud free-for-all across the country.
More than 700,000 Americans have been victims of Covid scams, with the median loss costing $425, according to the Federal Trade Commission (FTC) [*].
But while reports of Covid scams have fallen from their peak in March 2021, thousands of Americans still get scammed every month.
So, how can you keep yourself healthy and safe? In this guide, we’ll look at the latest Covid scams that you need to be aware of and review how you can protect yourself and your family.
How Do Covid Scams Work?
Covid scams include any scheme that uses the confusion of the pandemic to steal your money, identity, or both.
Fraudsters prey on fear and uncertainty. And the Coronavirus pandemic has opened up new opportunities for scams — resulting in billions stolen from citizens and the government.
Here’s an example:
Let’s say you’re checking your email at work and get a message saying you’re eligible for an additional COVID-19 stimulus check. You click on the link, fill out your personal information, and pay a $75 check processing fee.
A few days later, you get a call from your credit card company. Someone has spent thousands of dollars using your card information.
Unfortunately, anyone and everyone is vulnerable to these types of scams.
There’s a common misconception that older people are the most common targets, but research shows otherwise. A recent survey of financial identity theft victims showed that 30% of victims were between the ages of 35 and 44 — more than any other age bracket [*].
The best way to protect your identity and money is to know the common Covid scams to watch out for.
We’ve compiled a list of both recent and longstanding COVID-19 scams, along with real-life examples so that you can learn how to spot imposters.
1. Phishing emails, texts, and calls designed to steal personal information
Phishing occurs when a scammer contacts you pretending to be someone you trust — such as your bank or a government agency.
The fraudsters try to gain your trust so that you’ll give up personal information — such as your Social Security number (SSN), Medicare number, or bank details. They can then use your data for identity theft, to claim pandemic benefits in your name, or worse.
During the pandemic, scammers have conducted phishing scams via email, phone calls, text messages, and even social media. However, according to the FTC, the majority of Covid scams originate from emails or websites [*].
Warning signs of a pandemic phishing attack:
Any unsolicited contact (email, phone call, text, etc.) that asks for your personal information. Scammers target your SSN, account information including usernames and passwords, and financial information like credit card numbers or bank accounts.
Threatening language that creates a sense of urgency aimed at getting you to share information or click on links.
Emails, texts, or websites that look official but have typos or come from unfamiliar senders or domains.
What to do: Ignore phishing messages and report the fraud to the FTC at ReportFraud.ftc.gov. If you’ve given personal or financial information to a scammer, you’ll want to freeze your credit and follow the steps of what to do if your identity is stolen.
2. Stimulus check fraud and overpayment scams
The American government approved a record $4.6 trillion in pandemic benefits [*]. So, it’s no surprise that fraudsters have used Economic Impact Payments to run a number of scams.
In many of these scams, fraudsters offer to provide an additional stimulus check, or expedite a payment for a fee [*].
They might also pretend to be from the government, send a bogus stimulus payment, explain that they sent too much by mistake, and ask you to return the extra money. The check will bounce, and you’ll lose the “extra” money that you returned.
Warning signs of stimulus fraud:
Anyone who asks you to pay to receive a stimulus check is a scammer.
Beware of any message about a “new” payment that isn’t listed on the official IRS site.
Any mention of alternative payment methods such as cryptocurrency, gift cards, wire transfers, or apps like Venmo, Zelle, or Cash App.
What to do: If you’ve sent money to anyone for a stimulus payment, immediately reverse the charge if possible. Report the fraud.
3. Paycheck Protection Program (PPP) fraud
The PPP program offers generous loans to qualifying businesses during the pandemic, but it’s been rife with fraud. Fraudsters have recruited unknowing individuals, applied for loans with stolen identities, and charged bogus “processing” fees.
Promises of easy money with vague explanations about where it will come from.
A PPP website that requests account information or login details.
Anyone who charges to help you get a PPP loan.
What to do: If you discover a PPP loan has been taken out in your name, report the fraud to the U.S. Small Business Administration’s (SBA) Office of Inspector General.
4. Remote worker hacking and data breaches
During the pandemic, many companies shifted to remote work. But hackers have taken advantage of remote workers’ lack of device and network security to breach company databases and sell information on the Dark Web.
Remote workers caused 19.8% of security breaches in 2020, according to data from MalwareBytes [*].
Using public Wi-Fi, opening suspicious emails, or using your personal device for work can leave your company open to breaches — and leave you liable for losses.
Warning signs of remote work breaches:
Your device is acting strangely or working slower than usual. You might also see signs that you’ve been hacked — such as suspicious programs or malware on your computer.
You start to receive emails with typos or from unfamiliar senders asking you to click on links or download files.
What to do: If you believe you’ve created a security issue for your company, tell your manager or the IT department immediately. Then, change all your passwords and enable two-factor authentication (2FA) on your accounts.
Pro tip: Protect your devices and home network with antivirus software and a virtual private network (VPN). These tools stop hackers from spying on your computer or installing malware that can hack into your accounts.
5. Scammers applying for unemployment benefits in your name
Scammers will often contact you with offers of helping you apply for benefits. However, they’re really just trying to steal your personal information so that they can claim the benefits in your name.
For example, a Detroit man was arrested after law enforcement discovered while monitoring his Instagram account that he was part of an unemployment insurance fraud ring [*].
Warning signs of unemployment fraud:
Emails, calls, or websites “guaranteeing” money from federal programs for anyone who applies.
Anyone who asks for fees or excessive personal information (SSN, bank information, etc.) when applying for a benefit.
What to do: If someone has used your information to apply for fraudulent unemployment benefits, report the identity theft to your state’s Department of Labor office.
6. Fraudulent compensation for vaccination
In the United States, COVID-19 vaccines are free for everyone — but you won’t get paid for getting one.
If anyone demands payment for a vaccine or offers a reward, it’s a scam.
Warning signs of vaccine scams:
Messages or calls threatening penalties for not getting vaccinated.
Messages or calls offering money for getting vaccinated or showing proof of your vaccination status.
What to do: If you’ve paid money for a vaccine, try to reverse the charges. You should always contact your insurance company or verified healthcare institution for accurate information on vaccines.
7. Scammers tricking you into giving up your Medicare number
Scammers are also using the pandemic to try and steal your Medicare number (for medical identity theft). Beware of calls that ask for your insurance account number or health data. (Here's what a Medicare scam call sounds like.)
Unscrupulous healthcare providers have also used the Coronavirus pandemic to get patients to share health data which the providers then use to defraud insurance companies. For example, two lab owners were convicted in 2022 of scamming Medicare patients out of $144 million [*].
Warning signs of health insurance scams:
Incoming calls asking for health insurance information or other data.
Healthcare providers who aggressively push expensive treatments or equipment.
What to do: If you’ve provided health insurance information to a scammer, contact your insurance company to let them know.
New scam sites have appeared offering discounts on healthcare products like home test kits or face masks. Some will even send you fake text messages to try and threaten you into buying their fraudulent products.
Some don’t have products and just pocket the money, while others collect your financial information for fraudulent purchases. Others sell fake or ineffective products. As many as 70% of KN95 masks for sale don’t meet minimum health standards [*].
Warning signs of fake online stores:
The store has several unresolved consumer complaints with the Better Business Bureau (BBB).
The site is very new (based on official ICANN lookup records) and is poorly designed.
You can’t find third-party reviews of the site from previous customers.
What to do: If you’ve purchased a product from an online store that you think is fake, try to cancel the order. If you can’t, dispute the charge on your credit card, and report fraud. You can also do a full Dark Web scan to see what personal information of yours has leaked online.
Package delivery scams have been around for years, but they became more effective when the pandemic forced more people to order online.
Here’s how the scam typically works:
An imposter sends a scam text message or email purporting to be about a package you ordered (one of the most common is the UPS text scam). The message will include a link to “reschedule” your delivery. But if you click on the link, it will download malware to your device or send you to a phishing site that will request personal information.
Scammers know that if they send the message to thousands of people a day, at least a few will have pending packages.
Warning signs of package delivery scams:
You’re being notified about a delivery that you didn’t order or aren’t expecting.
The text message or email comes from an unfamiliar number or address (or one that is visually similar to a legitimate company, such as “Fed-ex-support.com” instead of “fedex.com”).
The message only includes vague wording, like “package service” or “online store” instead of the name of the store or delivery service.
Notifications include typos or poor grammar.
What to do: Ignore these phishing attempts. If you’ve clicked on a scammer’s link, scan your device for malware. If you’ve shared personal information, follow the steps below for securing your identity and reporting fraud.
Pro tip: Protect your devices from malware with antivirus software. Aura works on your phone and computer to stop malware and warn you of phishing sites.
10. Fraudulent vaccine and testing clinics
COVID-19 testing and vaccine centers seem to have appeared overnight, but not all are legitimate. One Illinois-based chain of testing clinics shut down after multiple state and federal investigations found that they were stealing patient information and providing false results [*].
These scams do not merely cause financial harm to victims; they are also potentially dangerous and can lead to serious (even life-threatening) health risks.
Warning signs of COVID-19 clinic scams:
Beware of any testing facility that doesn’t display reviews or certifications online.
Look for signs that it isn’t following protocols — such as poor sanitation, unclean facilities, or failure to require face masks and social distancing.
Beware of requests for excessive personal information, such as your SSN. Refusal to take insurance is a clear sign or a scam, along with cash-only payment requirements.
What to do: Walk out and don’t fill out any patient information. You should also report the scam to both the BBB’s Scam Tracker and the FTC. If you suspect you’ve been a victim of a COVID-19 vaccine scam, you should check with your doctor — as the vaccine may not have been genuine.
11. Robocallers claiming to be from government agencies
Scammers are making Covid-related robocalls pretending to be from agencies like the Centers for Disease Control and Prevention (CDC), Department of Health and Human Services (HHS), World Health Organization (WHO), Food and Drug Administration (FDA), or even your state’s department of health. They can even spoof the number that you see on your caller ID, making the call look official.
The challenge is that these agencies sometimes make legitimate calls to gather survey data. To be safe, only provide broad information that could apply to thousands or millions of people (like what type of vaccine you had).
Warning signs of robocalling scams:
The call makes a threat or promises some type of reward for your participation.
The call requests payment of any kind or asks for your credit card number or health insurance data.
What to do: Hang up as soon as you hear a robocall. In most cases, actual organizations will reach out to you personally. If you’ve given up personal information, look for the warning signs of identity theft, and then file a fraud report with the FTC.
12. Cryptocurrency fraud schemes
Many Covid scammers ask for payment in cryptocurrencies like Bitcoin to ensure that they can’t be traced. While cryptocurrency is only the seventh most-used payment method for COVID-19 scams, it resulted in the second-largest monetary loss [*].
Warning signs of cryptocurrency scams:
Beware of any person or business that requests payment in cryptocurrency, especially if they only accept cryptocurrency. This is a red flag indicating that they may be scamming you online.
If anyone promises big earnings by investing in cryptocurrency, it’s a scam.
What to do: Never send cryptocurrencies to people you don’t know. Government agencies will never ask for you to pay fees in Bitcoin or similar payment channels.
13. Pandemic charity and fundraising scams
Scammers aren’t afraid to prey on the kindness of people who just want to help. And the Covid pandemic has presented the perfect opportunity to create bogus charity scams.
These scams work by asking you to donate, or by asking for your help with a donation [*]. Of course, there is no charity; and the money — or your bank account information — goes straight to the scammer.
Beware of fundraising efforts with unusual payment requirements, including cryptocurrency, gift cards, or payment apps like Venmo.
What to do: Research any charity or fundraiser organizers before sending them money. If you think you’ve donated to a Covid scam charity, try to reverse the charges and report the fraud to the FTC.
14. COVID-19 text scams
The pandemic has provided a plausible backstory for all kinds of text scams. Typically, a scammer will collect phone numbers from the Dark Web and send batches of texts that all lead to a link meant to steal more information.
Warning signs of text scams:
Texts from unknown numbers — especially texts that include links.
Urgent messages, threatening language, or too-good-to-be-true offers.
What to do: Ignore and delete any unwanted messages — even if they promise you a reward or payment. If you’ve clicked on a link in a text message, look for signs that your phone has been hacked.
15. Fake “proof of vaccination” emails
One very effective scam targets employees who are still getting used to working amid a pandemic. Scammers send an email to your work address either asking you to download a file, click on a link, or share your vaccine card. This can allow the scammer to hack your computer or collect valuable personal information.
If you get an email like this one below, verify whether or not it’s legitimate by contacting your employer separately (ideally via telephone).
Warning signs of proof of vaccination scams:
Be very cautious of internal work emails sent from addresses outside of your organization.
Don’t trust seemingly safe services like Office 365 or Google Docs, as hackers can hide malware inside them.
Double-check emails describing new policies that you’ve never heard about before.
What to do: If you’ve clicked on a link or downloaded a file, contact your IT department immediately.
16. COVID-19 survey scams
Scammers send emails pretending to be from vaccine companies, asking you to complete a survey [*]. Except the survey isn’t real, and any personal information that you share is used to steal your identity.
Warning signs of Covid survey scams:
Emails or texts from pharmaceutical companies asking you to take part in a Covid survey.
Any survey that asks for passwords, credit card numbers, or bank account information.
A penalty for not taking a survey. All legitimate surveys are optional.
What to do: Ignore and delete scam survey requests. If you’ve given out personal information, update your accounts and sign up for identity theft protection.
FEMA offers a legitimate Covid funeral assistance program. But criminals have used the program as a guise to steal money from those grieving loved ones. With the goal of committing fraud, scammers often scan recent obituaries and target surviving family members.
Warning signs of funeral assistance scams:
A supposed FEMA (Federal Emergency Management Agency) worker reaches out to offer the program to you (the legitimate program does no outreach).
You’re directed to apply online (online applications are not accepted).
You need to pay a fee or supply payment information to get started (the program is free).
What to do: If you’ve given money through a funeral assistance scam, reverse the charges if you can and report the fraud to the FTC.
Did You Give Information or Money to a Covid Scammer? Do This
COVID-19 scams are surprisingly common — 37% of Americans believe they’ve been the target of one [*].
If you think you’ve given money or sensitive information to a Covid scammer, follow these steps immediately:
Contact your identity theft insurance provider (if applicable). An identity theft protection company like Aura will provide you with a dedicated Fraud Resolution specialist to help recover losses. Plus, you’re covered for up to $1,000,000 in insurance for eligible losses due to identity theft.
Place a fraud alert or credit freeze with the three major credit bureaus (Equifax, Experian, and TransUnion). If scammers have your personal or financial information, acredit freezewill stop them from opening new accounts or taking out loans in your name.
Report the fraud to government agencies and your local law enforcement. File a fraud report with theFederal Trade Commission(FTC), the National Center for Disaster Fraud, and the FBI’s Internet Crime Complaint Center. You can use your FTC report to make an identity theft claim with local police. This can help you prove that fraud occurred so that you can set up an extended fraud alert on your credit.
Notify any impacted companies. Check your bank and credit card statements and your credit report for fraudulent transactions. Then, contact the fraud department at any affected companies. Tell them what happened, and ask them to close the accounts and reverse the charges.
Secure your online accounts against future fraud. Update all your passwords. Set up a password manager to organize and protect your passwords. Secure passwords are at least eight characters long and include a combination of letters, numbers, and symbols. Wherever possible, set up two-factor authentication (2FA) on your accounts using an authenticator app like Authy.
How To Protect Yourself From Covid Scams
Scammers are always looking for new ways to steal your information and money. So, even if you haven’t encountered a Covid scam yet, there’s a good chance that you will.
Here’s what you need to know to stay safe now and in the future:
Learn the warning signs of phishing emails. These fake emails often have typos or poor grammar and come from unfamiliar email addresses. The majority of Covid scams start as phishing emails — so learning the signs will help keep you safe.
Don’t click on links or download attachments. Any strange, unfamiliar, or unsolicited link or attachment could infect your device with malware.
Ignore unique Covid treatments. Offers for vaccination cards, unproven treatments, and other suspicious medical care are ineffective and are often scams. Stick with proven medical treatments instead.
Research before buying or donating. Review a business on sites like the Better Business Bureau (BBB) or Trustpilot before shopping online. Verify a charity on Charity Navigator or Charity Watch before donating.
Don’t give out personal data. The less information you give out, the safer you are. Keep your Social Security number (SSN), Medicare number, and any other information private. Never share photos of your vaccination card on social media.
Recognize the signs of a scam website. Fake sites often display poor graphics and typos. U.S. government sites should always have “.gov” in the address. For example, “cdc.gov” is a legitimate government website, while “covid19.cdc-gov.info” is not.
Pay with credit cards online. Credit cards offer consumer protections that debit cards lack. Getting your money back from a fraudulent credit card purchase is much easier. Always avoid unusual payment options such as cryptocurrencies, gift cards, or Venmo.
Hang up and call back. If someone calls claiming to be from a government agency like the IRS or FBI, hang up and call back using the official number. If they claim hanging up will only get you in trouble, you can be sure it’s a scammer.
Sign up for identity theft protection. Aura constantly monitors your online accounts and sends near real-time alerts of suspicious activity. If the worst should happen, every plan is covered by a $1 million insurance policy for eligible losses due to identity theft.
The Bottom Line: Stay Safe (and Healthy) During the Pandemic
While the COVID-19 pandemic has brought out the best in many of us, it has also made it easy for scammers to take advantage of the most vulnerable. Learn to spot the signs of common Coronavirus scams so that you’re not the victim of one of them.
For added protection for your identity and financial accounts, sign up for Aura.
Aura constantly monitors your personal information (like your SSN) and financial accounts for signs of fraud. It also secures your devices against malware and hackers with powerful antivirus software and a VPN. So no matter which Covid scam comes your way, you’ll be in good hands.