COVID-19 Scams

Posted by Jeremy Wascak April 07, 2020 Categories: Avoiding Scams

We've been seeing an increase in COVID-19 related fraud. Here's what you need to know.

Members Getting Phone Calls Pretending to be Towpath CU Employees

We have been notified that someone is making phone calls, pretending to be from Towpath Credit Union, asking for personal information. Towpath Credit Union will never call our Members and ask for sensitive information such as account passwords, credit card security codes, or social security numbers. If you receive a phone call that you believe is suspicious, please hang up and call back on the official Towpath CU phone number to verify that it is legitimate. 

More COVID-19 Fraud Schemes

Towpath CU has been monitoring the rise of COVID-19 (Coronavirus) scams in recent weeks. Here are the top threats we've identified for our communities to be on the lookout for. 

Fake CDC Emails

Be careful about emails claiming to be from the Centers for Disease Control and Prevention (CDC) or other organizations offering information about the virus. 

Scammers often use emails pretending to be a trustworthy source to get you to click on links or attachments that can contain malware that's dangerous for your computer. They have also been using malicious websites claiming to track the spread of COVID-19 cases around the world to infect computers with dangerous malware.  

Phishing Emails

Watch out for emails asking you to verify personal or private information in order to receive a stimulus check from the government. No government agency will send you unsolicited emails asking for you to share private information. 

Additionally, phishing emails may look like they come from other organizations such as charities, airlines, or financial institutions. They might also offer information on fake virus cures, vaccines, or even testing kits. These emails should not be trusted. 

Counterfeit Treatments or Equipment

Use extra care with anyone selling products or services promoting or selling COVID-19 cures, treatments, or tests, as well as counterfeit products such as sanitizers and personal protective equipment (PPE). 

For more information about approved PPE, visit

Stimulus Check Deposit Scams

Soon, many Americans will be getting a check from the government to help ease the economic blow of the COVID-19 pandemic. If you receive a phone call, text message, or email claiming to be the IRS or part of a “COVID-19 relief authority” that is requesting your personal information and banking information, do not give it out.

Neither the IRS nor Towpath Credit Union will call, text, or email you to request your personal information, bank account information, or to request you to pay any fees to process your stimulus check. If you receive a check in the mail that requires you to “verify it” or “activate it” by phone or online, this is fraud.

For more information about Coronavirus Tax Relief and Economic Impact Payments, visit

Work from Home Schemes

Be careful when looking at job postings for online or remote jobs that promise easy or quick money for little effort. This is most likely a sign of someone trying to trick you into being a "money mule" or unknowingly helping criminals move illegal money. Some red flags for work from home schemes include: 

  • The "employer" using web-based email services (i.e. Gmail, Yahoo, Hotmail, etc.)
  • If you are sent money to your personal bank account and asked to transfer the funds via wire transfer, ACH, mail, or other money service
  • If you are asked to open a bank account in your name for the business
  • If you are told you may keep a portion of the money that you transfer

Tips from the FBI for Staying Safe Online

  • Don’t open attachments or click links within emails from senders you don't recognize.
  • Don’t provide your username, password, date of birth, social security number, financial data, or other personal information in response to an email or robocall.
  • Verify web addresses of legitimate websites and manually type them into your browser.
  • Check for misspellings or wrong domains within a link (i.e., an address that should end in .gov ends in .com instead).