Advice to Protect your Financial Data Against Coronavirus Scams

TCU’s cybersecurity expert offers a few simple steps to protect yourself from online and telephone scams, which increase in times of crisis as criminals try to exploit our anxiety and empathy.

TCU’s Assistant Vice President of Information Security Kevin Holleran outlines ways to protect your bank accounts from hackers.

As we work together to face down the coronavirus outbreak, it’s also necessary to remain vigilant about preventing nefarious actors who are trying to capitalize on the chaos and uncertainty.

Cybercriminals are leveraging the pandemic by sending phishing emails to steal confidential information like passwords and bank account details. They’re also sending scam messages intended to trick recipients into opening attachments with malware embedded in them.

The number of malicious websites has also rapidly increased as scammers try to make money from the pandemic, taking advantage of people concerned about their health and finances.

By understanding the threats and taking simple actions, you can stop cybercriminals in their tracks.


Cybercriminals use deception to manipulate people into divulging sensitive information. Deception is done through emails, text messages, phone calls, or even in person. The email method known as phishing is the most common. 

Cybercriminals “engineer” believable scenarios designed to evoke an emotional response — curiosity, fear, empathy, excitement — from their targets. As a result, people often react without thinking due to curiosity or concern over the message that was sent.

Since social engineering attacks appear in many forms and appeal to a variety of emotions, they can be especially difficult to identify. Cybercriminals use any number of emotions to achieve their goal, but most often exploit fear and empathy — such as the threat of a fine if a debt isn’t paid, or concern for someone in need.

Cybercriminals also target people’s helpful nature. In every crisis, fraudulent relief funds are set up, sending emails with false emergency pleas for assistance. Urgency is also used. Language such as “Act now,” “Hurry” and “Don’t miss out” are triggers.

These messages often use names and branding to appear to be from a trustworthy organization. For example, cybercriminals are mimicking communications from expert sources such as the World Health Organization, the Centers for Disease Control and Prevention and Johns Hopkins University.


The good news is that there are simple ways we can protect ourselves.

Slow down — And read the email again before acting. Do not click on any links or open any attachments. Ask:

  • “Do I expect this email?”
  • “Do I feel rushed into a decision?”
  • “Do I feel emotions like fear or empathy driving my decision?”

Validate the source – Make sure the message is from a trusted sourceAsk:

  • “Do I know this person or organization?”
  • “Is this something I would expect from this individual or group?”
  • “Can I validate with the source via a phone call or other method that is different from the medium I received the message?”

Be suspicious – Separate your actions from the message you received.

Instead of clicking on links, go to the organization’s website. Links in emails may direct you to sites that look legitimate but are owned by those attempting to steal your data.

Instead of trusting phone numbers, look it up in an official source. Rather than accepting an inbound call, and communicating with the caller, hang up and call the organization back at the number you find.

Use Strong Authentication – And a password manager to store passwords.

Also turn on two-step verification. This is where you also must enter a code you receive from an app or a text message in addition to your login password. 

You can make a difference!

By exercising caution and diligence, you are protecting your personal information against cybercriminals and their attacks. 

Please remember TCU will never contact you asking for a PIN or other identifying information. TCU personnel will never ask for such information and members should never provide it to anyone.