IMPORTANT UPDATES: For questions about the IRS Economic Impact Stimulus Payment program, please visit the IRS website.

Due to the SBA's recent communication, PPP applications for businesses have been halted. More info.
SYSTEM MAINTENANCE NOTICE: Our Digital Banking will undergo system maintenance Sunday, July 26th 12:30am - 4:30am EST. You may experience intermittent availability during this time.

Don’t Sleep on Evolving COVID 19 Scams 

Contributed by: Heath Combs

Scammers are preying on uncertainty and financial hardship and adjusting their tactics to take consumers personal information and deplete their wallets. In the second quarter of 2020, the total loss to North Carolinians in COVID-19 scams came at a cost of $11 million. Of 24,358 total fraud reports, 8,279 were identity theft. 

It’s more important than ever to remain vigilant against cyberattacks as tactics change and threats evolve. 

Utility Scams 

Scams targeting electric and natural gas customers are on the rise, with new tactics related to COVID-19 that aim to trick utility customers out of money and personal information. A record number of scammers attempts to targeted Duke Energy customers in June, hitting more than 4,000. The total number of scam attempts reported by Duke Energy customers so far in 2020 – more than 15,000 – already is approaching 2019's full-year total of 18,000.

Overpayment Refunds 

New tactics promise to mail customers refund checks for overpayments on their accounts if they can confirm their personal data, including birthdays and, in some cases, social security numbers. Duke Energy and its subsidiary Piedmont Natural Gas say they typically apply refunds as a credit to customers' accounts and will not contact them to verify personal information by phone, email or in person in order to mail a check.

Delinquent Bills 

Duke Energy also reports phone scammers claiming delinquency on users’ utility bills and that service disconnection is pending. The scam rigs caller ID to mimic the utility provider’s number and interactive phone menus, threaten disconnection, and demands an immediate payment in the form of a prepaid debit card. 

Duke Energy and Piedmont Natural Gas have currently (7/14) suspended disconnections for nonpayment, and they say legitimate utility companies do not specify how customers should make a  payment, and they always offer a variety of ways to pay a bill, including accepting payments online, by phone, automatic bank draft, mail or in person.

Contact Tracing Scams 

Contact tracers work for state health departments to try to track anyone who may have been exposed to COVID-19. Some scammers are using contact tracing to steal your identity, your money – or both. To tell the difference, the Federal Trade Commission recommends watching for a few signs. 

A real contact tracer might get in touch to discuss results of a test you know you took, or because someone you’ve been in contact with tested positive. They may ask you for your name and address; health information; the names of places and people you have visited. Scammers will ask you to do more. 

Legitimate contact tracers may call, email, text, or visit your home to collect information. The North Carolina Attorney General’s office says that you will get an initial text from the number 45394 or email from address [email protected] – and that it is safe to click on links in this text or email. After this, you will receive a call from your local health department or NC Outreach – if you can’t be reached, in-person visits using PPE will be conducted. Multiple attempts will be made to reach out. 

To protect yourself, be on the lookout for anyone who asks for social security or account numbers, or immigration status. Legitimate tracers won’t ask for this and it’s best not to respond to those requests. Real tracers will only send texts or emails and say they will be calling you. The FTC also recommends checking with your state’s health department to make sure the person is a real contact tracer. 

COVID Mask Exemption Cards 

To help limit the spread of the Coronavirus, many states are requiring people to wear face coverings in places open to the public. The FTC warns there are “official looking” seals on cards circulating online and on social media that say the holder has a disability that prevents them from wearing a mask, and that it’s illegal for any business to ask them to disclose their condition. 

These cards aren’t issued or endorsed by U.S. Department of Justice, or any other federal agency, and the agency urges the public to visit for Americans with Disabilities Act information issued by the agency.

IRS Stimulus Check Calls 

While most people have gotten their economic stimulus payments, some were still being sent out in June, and another round of stimulus may be coming. The Internal Revenue Service reports that scammers are rigging up caller ID to look like a call is coming from the government. 

The agency advises consumers to hang up the phone or delete emails asking for personal information or money, and that government agencies usually will not call or email you — especially about something related to money. They almost always contact you by U.S. mail. If you have questions about Economic Impact Payments, the IRS urges you to visit their website,, to get answers to frequently asked questions. But you also can call the IRS at 800-919-9835 if you have questions. 

Microsoft Seizes Domain Names 

In July, Microsoft announced efforts to disrupt COVID-19 phishing schemes designed to compromise accounts and get access to customer email, contact lists, sensitive documents and other valuable information. The emails to look like they originated from an employer or other trusted source, frequently targeted businesses, and aimed to compromise accounts, steal information and redirect wire transfers. 

Phishing emails exploited pandemic related financial concerns to induce clicks on malicious links, and in other emails, gave links that granted access permissions to malicious web apps. The scheme enabled unauthorized access without asking for login credentials, offering a consent prompt to for account contents, including email, contacts, notes and material stored in cloud storage space and corporate document management and storage systems.

Microsoft has been disabling domains that are part of the malicious infrastructure, and it recommends using two factor authentication, security alerts and checking email forwarding rules for suspicious activity to protect against the scam. 


Comment on this article:

Blog post currently doesn't have any comments.