SECURITY & FRAUD ALERT

---

FRAUD ALERT Updated April 7, 2020 As public fears rise surrounding the spread of the COVID-19 (coronavirus), so too have scammers and criminals looking to exploit and profit from it. They’ve taken to sites like Amazon.com in droves, peddling products that they claim will kill or defend against the virus or offering fake test kits that come with a hefty charge. Fake charitable causes have arisen as well as phishing scams, some claiming that money has been set aside for you and your family to help with the coronavirus. Unfortunately we are being inundated with fraudulent activity in multiple formats. Currently, according to the United States Food and Drug Administration (FDA) there are no known FDA approved vaccines to prevent or approved drugs to treat COVID-19 or other corona viruses. There are clinical trials that are being conducted, but these trials have not yet resulted in an FDA approved treatment. The drugs chloroquine and hydroxychloroquine have been identified as potential COVID-19 treatments based on lab tests and small, limited studies in humans. On March 28th the Food and Drug Administration granted these drugs "emergency use authorization" for the treatment of COVID-19. Hydroxychloroquine sulfate is already approved by the FDA to prevent malaria infections, and to treat types of lupus and rheumatoid arthritis. PLEASE SEEK MEDICAL ADVICE PRIOR TO TAKING ANY MEDICATION TO TREAT COVID-19. https://www.fda.gov/media/136538/download According to CNET.com, Amazon has reacted accordingly by removing more than 1 million listings of items that falsely claim to be a cure for the virus. According to the cyber security group, Redmarlin.ai, as of March 30th, there are almost 113,000 confirmed on-line scams related to COVID-19 (coronavirus) and many more that are still being investigated. Spot a Scam or Criminal Activity:  Scams can include social media posts, texts and websites meant to take your personal information and money and infect computers.  Think twice before investing in companies who say they are working on a coronavirus cure. Check official sources like the U.S. Securities and Exchange Commission before being lured into a scam.  Be aware of fake fundraising. Verify the charity is legitimate. If someone wants donations in cash, gift card or by wiring money, don’t do it.  Beware of anyone calling from an unknown or questionable health department. The local health department is the Florida Department of Health in Broward County.  As Floridians stock up on household disinfectants and other supplies, the State has activated a Price Gouging Hotline. To report price gouging, call 1-866-9NO-SCAM. [1-866-966-7226]  Watch out for online marketing of vaccinations or products claiming to treat the virus.  Do not purchase any products that claim to treat or cure coronavirus with silver solutions. Please be advised that silver solution products also known as “Colloidal Silver” do not have any FDA approval and may even cause harm. According to the National Institutes of Health (NIH) "Colloidal silver can be dangerous to your health".  In addition to fake cures, counterfeit products may be being sold both online and in stores. Such products can be benign in nature and have no effect at all or actually contain harmful ingredients. Please purchase products from reputable online sellers or local retail establishments and check the packaging carefully.  US Customs and Border protection has seized thousands of fake COVID-19 test kits that may contain toxic substances that could harm the user.  There have been numerous reports of unknown individuals going door to door in south Florida claiming to be from the “health Department” or the CDC and attempting to sell Covid-19 test kits or offer to test you. Please be advised that no health department from the county, state or federal government will do this. Do not open your door to any such individuals or purchase any such claimed test kits. These individuals are simply trying to gain access to your home.  A malicious website pretending to be the live map for Coronavirus COVID-19 Global Cases by Johns Hopkins University is circulating on the internet waiting for users to visit the website (Corona -Virus-Map. com) which infects the user with the AZORult trojan, an information stealing program which can access a variety of sensitive data. It can be attached to emails or found on social media. Additionally, anyone searching the internet for a Coronavirus map could unknowingly navigate to this malicious website. Please use caution when searching or accessing information to ensure you are not being victimized.  Beware of email phishing scams regarding COVID-19 information either claiming to be from the CDC or other government websites requesting that you click on a link for further information. This may be a way of either downloading malware onto your computer or requesting personal information. Please DO NOT open attachments in emails from unknown sources. Some emails may appear to be from a trusted friend or associate. Verify the sender’s true identity by looking closely at the sender’s email address. Scam artists usually try to emulate a trusted email address and change one letter, number, or an .org to .com. It could also be a totally different address.  There is a new spear-phishing campaign being spread throughout emails, using the COVID-19 pandemic to spread LokiBot, which is a malware that steals information. It is able to capture a wide range of data, including credentials, stored email passwords, passwords stored in the browser, and more. Researchers found that attackers were using official images and other trademarks of the World Health Organization as a lure to entice victims to open an attached message that contains the malware. In addition, the phishing email pretends to offer details about misinformation concerning the COVID-19 pandemic.  Recently, there have been numerous emails being received attempting to elicit responses by advising the recipient that they have had a large sum of money set aside for them by the World Health Organization to help with the coronavirus. Other emails attempt to inform the recipient that they need to verify their password or their email or other cloud account will be shut down. There has been a huge uptick in phishing scams due to people’s apprehension as fears over the coronavirus rise. Please use the below links from the U.S. Department of Homeland Security regarding “Defending Against COVID-19 Cyber Scams” and “Home Network Security” and the link from Norton Security regarding online corona virus scams:  https://www.us-cert.gov/ncas/current-activity/2020/03/06/defending-against-covid-19-cyber-scams  https://www.us-cert.gov/ncas/tips/ST15-002  https://us.norton.com/internetsecurity-online-scams-coronavirus-phishing-scams.html Other sources of information regarding scams related to the corona virus can be found at:  https://www.fda.gov/consumers/consumer-updates/beware-fraudulent-coronavirus-tests-vaccines-and-treatments  www.CDC.gov  www.FTC.gov Video Conference Best Practices OVERVIEW Just as members of the Jewish community, our organizations and institutions have faced anti-Semitism, harassment and even assault, so too do our online spaces. Bad actors may seek to disrupt public video conferencing calls – primarily using the Zoom platform – using the platform’s screen-sharing feature to project graphic content to unwitting conference participants, forcing hosts to shut down their events. In addition to private corporations and general community events, this activity has also impacted Jewish institutions: SCN is aware of instances where white supremacist and/or neo-Nazi material or statements have been used to disrupt events. As many Jewish organizations transition events to online forums, internet-hosted events, and remote working, SCN has compiled the below best-practice tips, specific to the Zoom Video Conference platform, to assist organizations and event sponsors in providing a safe and welcoming virtual space. Other platforms may have similar capabilities. TIPS FOR SAFE, SECURE VIDEO CONFERENCES Avoid using the Personal Meeting ID (PMI) for public meetings. This can allow people to infiltrate your personal virtual space after a given event is over. Use new, randomly generated meeting IDs and unique passwords for each meeting. This makes it more difficult for unwanted actors to gain access. Use the Waiting Room to control who comes and goes. Adjust the Settings to Manage Screens & Participants By default, Zoom allows all attendees to participate equally in a meeting. Use the meeting settings to limit the access people have and what they can do: Click on the link to access the Youtube video for more infomation Zoom notes one major rule: “Don’t give up control of your screen.” You should limit who can share using the host controls. Under Share Screen, you can limit screen sharing to just yourself, as the host. Do this. Lock the meeting: Once a meeting has started, no new participants will be allowed to join, even those who were invited. Turn someone’s video off: Disable video allows you to block unwanted, inappropriate or embarrassing moments (people do forget at times they are on video). Remove unwanted or disruptive participants: As host, you can scroll over someone’s name and options appear, to include removing them from the meeting. You can also set-up your own two-factor authentication, turn off file-transfers and limit chat features, among other features. ADDITIONAL TIPS Allow only signed-in users to join: People will only be able to sign-in with the email they were invited through. Use the Waiting Room: A place for people before they enter the meeting. This allows a host to control who gets in. Mute participant(s): Hosts can mute/unmute individuals, or the entire group. You can also Mute Upon Entry, which quiets down background noise. Ensure the Meeting Host is Skilled in Technical Management Regardless of the meeting size, topic or perception of its importance, hosts should familiarize themselves with their permissions and controls. If Hosting a Large Event/Meeting, Consider a Webinar Hosting a Zoom webinar requires a separate webinar license that varies by capacity, but provides greater control to the hosting entity. Some benefits to a webinar setting include the ability to designate speakers, as well as registration requirements and the ability to screen registrant information prior to providing link access. REMINDERS A couple items to keep in mind: An open meeting link means anyone with access to the link can join. Hosts have the ability to adjust settings within their preferences, as well as during a meeting. When creating a meeting, co-hosts with equal control capabilities may be designated for an additional layer of support. For Additional information: https://www.pcmag.com/how-to/how-to-prevent-zoom-bombing https://www.adl.org/blog/how-to-prevent-zoombombing For more information, or to report an incident after notifying local law enforcement, contact Mitchell Tapper, Jewish Federation of Broward County, Director of Community Security: call 954-252-6955 or email Security@Jewishbroward.org

---

---