Fraud and scams target both individuals and businesses alike, with an estimated cost to the UK of £130bn - £190bn a year, according to The 2019 Financial cost of Fraud report. Despite the Covid-19 pandemic creating a sense of unity within the general population, fraudsters have exploited the situation for financial benefit or to acquire sensitive information for their own personal gain. These scams aim to exploit a currently distracted population, one which is struggling to cope with unprecedented changes to the routines of normal, everyday life. However, being more aware of fraud and criminal scams can help prevent both individuals and businesses falling victim to it.
Since the beginning of March, Action Fraud has seen an increase of 400% in Coronavirus related fraud and scams being reported. These frauds come in various forms including online shopping scams (regarding orders of PPE and hand sanitiser, among other items, which never turn up), charity fraud (where fraudsters make requests for donations to fake causes) and phishing fraud (where emails with malicious attachments are sent to individuals with the aim acquiring people’s personal information, including passwords, PIN numbers, and bank details).
Action Fraud is the UK’s national reporting centre for fraud and cybercrime where you should report fraud if you have been scammed, defrauded or experienced cyber crime in England, Wales and Northern Ireland.
Action Fraud has received over 200 reports of Coronavirus related phishing emails, with a variety of tactics being used to gain personal and financial details. iHASCO’s Cyber Security Awareness Training course explains that “Millions of spam emails are sent to business email addresses every month. Criminals want to trick you into giving your information to them – this is known as phishing. They're hoping that you’ll click on fake links to sites or open attachments, so they can steal data or install malicious software.”
The tricks and tactics used by criminals are varied and constantly changing. However, by highlighting some examples of criminals trying to exploit individuals we hope that you’ll be better equipped to recognise the kinds of emails that could pose a threat.
Let’s take a look at some recent examples of phishing emails reported to Action Fraud.
• Fraudsters purporting to be from a research group that mimic the Centre for Disease Control and Prevention (CDC) and World Health Organisation (WHO). They claim to provide the victim with a list of active infections in their area, but to access this information the victim needs to either: click on a link which redirects them to a credential-stealing page; or make a donation of support in the form of a payment into a Bitcoin account.
• Fraudsters providing articles about the virus outbreak with a link to a fake company website where victims are encouraged to click to subscribe to a daily newsletter for further updates.
• Fraudsters sending investment scheme and trading advice encouraging people to take advantage of the coronavirus downturn.
• Fraudsters purporting to be from HMRC offering a tax refund and directing victims to a fake website to harvest their personal and financial details. The emails often display the HMRC logo making it look genuine and convincing.
Furthermore, at the beginning of April, Action Fraud received 41 reports of a scam emails purporting to be from HM Government asking for donations to the NHS during the COVID-19 outbreak.
Beware of suspicious emails
At first glance, some of these emails (as above) can seem genuine but many may directly ask for personal or financial information, which should instantly make you suspicious. Do not click on links or attachments in any suspicious emails. The aim of the email is to get you to click on a link without questioning it, which is why cyber criminals are using the Coronavirus as a means to encourage you to part with information or want to click on links to find out more. If you are working from home and receive a suspicious email or click on a link and have concerns, you should always report it to your IT department immediately so they can help.
Homeworking & fraud
With employees working from home, businesses are vulnerable to fraud that plays on current events. Communication between staff is no longer face-to-face and usual practices may be altered. Therefore, if an email arrives in your inbox from your director asking you to pay funds to a supplier, would you make the payment without checking first? Cyber criminals can make an email look like it is from someone it isn’t. While homeworkers are getting to grips with a new way of working, it can result in getting caught out by cyber crime, especially when feeling the pressure of keeping a business going.
How can iHASCO help?
Any organisation, no matter how big or small, is at risk of cyber crime. Our Cyber Security Awareness Training course will help companies educate staff to spot potential sources of cyber crime and limit its impact. There are many challenges for businesses at the moment but despite that, even without the Covid-19 pandemic, cyber criminals will find other ways to exploit businesses. Therefore it is vitally important to protect your organisation’s systems and data so you are not left vulnerable. If you would like a free trial of the course just click here.