Fraud risk during COVID-19

Youve been hacked on laptop screen

We are all adapting to new ways of working and, maybe, to new opportunities in these difficult times. Sadly, criminals are doing so too; just like your charity or a business might change a product or service to adapt, so crooks are taking advantage of some new vulnerabilities. We have to be vigilant.

Good practices around financial procedures and online safety are more critical than ever. The other big weapon against fraud is awareness – making sure that you and your people are aware of the threats and know how to avoid them.

Some scams manipulate innocent victims, for example by urging people to invest and “take advantage of the downturn”. Others impersonate well-known services to get people to part with cash and information – criminals are even claiming to be from NHS Test and Trace to trick people into divulging personal or business details. In fact, there are hundreds of variations of dozens of scam types.

MD Katy Worobec from UK Finance was quoted as saying that during the pandemic criminals have used “sophisticated methods to callously exploit financial concerns, impersonating trusted organisations like the NHS or HMRC, to trick (people) into giving away money or information.”

Here are some examples of the frauds and scams we are facing:

Covid-19 support scams

Criminals send fake government emails designed to look like they are from departments offering grants, containing links which steal personal and financial information; they may offer ‘Covid-19 relief funds’ encouraging victims to fill in a faked online form. Official-looking emails offering ‘tax reductions’ have been used, linked to a fake government website which again mines personal and financial information. As well as organisations, fraudsters are also preying on benefit recipients, offering to help apply for Universal Credit and payments as an advance for their ‘services’.

Health scams

One of the most ruthless scams has involved using the NHS Test and Trace service, preying on an anxious public by sending phishing emails and links claiming the recipient has been in contact with Covid-19. These lead to fake websites that steal personal and financial information or infect devices with malware. Victims are also being targeted by fake adverts for products such as sanitizer and face masks which simply do not exist, as well as fake testing kits, supposed cures for the virus, and counterfeit goods which in some cases have proved to be dangerous (for example the sale of sanitiser made from ingredients deemed unsafe for human use).

Lockdown scams

Fake messages claim to be from well-known organisations, for example from TV Licensing telling people they can claim free TV licensing because of the pandemic. Again, these lead to fake websites used to steal personal information. Amid increased use of online TV services, customers have been sent convincing emails telling them to update payment details using a link which steals credit card details, including CVV codes. Fraudsters are similarly exploiting subscribers to dating websites, who may also be misled by fake profiles on social media sites used to manipulate people into making payments. Often criminals will steal and use real identities to strike up relationships with their targets.

Other scams involve fake investment opportunities; phone calls, emails and adverts on social media encourage unsuspecting victims to put money into investment companies using very convincing fake websites.

Add to all this things like fake websites set up to process holiday refunds, false collections for a COVID-19 vaccine programme or for charities struggling ‘at this difficult time’, and much more. There is much to be wary of.

Business scams

If you are running a charity or business, there are others to be aware of. These are known to succeed in times of change and uncertainty and include:

  • government grant/tax refund scams which feign urgency and gather information then used for financial fraud.
  • invoice fraud, for example the presentation of false invoices, or contact by someone claiming to be from a supplier, asking you to change outgoing payment details.
  • impersonation fraud, where an employee receives a false email ostensibly from a senior manager, insisting on urgent payment or grant to a new account, perhaps Covid-19 related. A message from a spoofed staff email account can appear totally genuine!
  • IT Support scams; with people working remotely and IT systems under pressure, criminals impersonate support companies by phone or email, ask for remote access or passwords and, if they succeed, access valuable information.

Be wary of things like unknown URLs and email addresses, requests for PINs or passwords, impressions of urgency, heavy discounts or cheap products, spelling and grammar mistakes, donations with catches and conditions, and inconsistencies in any story given. With so many of us working and living differently, fraudsters posing as banks, police officers, government staff, donors and service providers have become more believable. Once they have a set of personal details crooks will go on to try accessing bank accounts and other online services, borrow or buy in your name, make benefit claims, and defraud others.

Personal and business (or charity) information is like the key to your home or premises, take every precaution to protect them.

Be aware, stay safe.

External link: www.actionfraud.police.uk