On the 20th March 2020, Action Fraud UK reported a 400% increase in coronavirus-related scams.
Scammers are using the widespread uncertainty, caused by the coronavirus, to their advantage. They’re introducing new, topical scams, aimed at catching people out who are worried, misinformed and unsure who to listen to.
It is, therefore, extremely important to know what scams are out there and how to avoid them. This article outlines the types of scams to be wary of and our recommendations for ensuring that you stay as safe and secure as possible.
Also known as phishing, email scams are a popular way for scammers to attempt to acquire personal and financial information. In fact, the majority of email data breaches start with an email attack, so it’s crucial that your business is vigilant.
During the COVID-19 pandemic, scammers have adapted their phishing techniques to prey on vulnerable people seeking health advice. For example, people have reported receiving emails from scammers posing as the World Health Organization and promising medical advice. This particular scam takes you to a realistic-looking WHO website, where you are asked to input your personal details in exchange for advice.
Other examples of phishing scams include:
- Invoice redirections – scammers pose as creditors or suppliers informing you that their bank details have changed and asking you to redirect all future payments to their bank account instead
- CEO phishing – fraudsters often send scam emails pretending to be your boss or CEO, asking you to complete various tasks, including sending payments
Like email, SMS messaging is often used as a platform for scams. Again, scammers are posing as health authorities like the World Health Organization to mislead people into giving away valuable information or to encourage them to click on malicious attachments and links.
Examples of coronavirus-related email and SMS scams include:
- Delivery failure or delay due to coronavirus
- Fake lockdown fines
- Free school meals
- Conspiracy theories and misinformation regarding the pandemic
- HMRC goodwill payments
- Fake council tax reductions
- Information on social distancing at your local bank
- Investment schemes and trading advice
Scammers may also pose as authority figures (such as the police, your bank, HMRC and medical bodies) over the phone. The number of cold calls has risen since the outbreak of COVID-19, so it is especially important to ensure that you and your staff are safe. Ensure you do not hand over any personal details, financial information or login details to anyone over the phone, unless you can verify their identity.
Although door-to-door scams tend to target elderly or vulnerable people, the number of reported scams has risen since lockdown, so everybody should be wary. Lots of scammers are now posing as medical professionals. Some ask if they can take people’s temperature as a way of getting into the house to steal valuable items. Others are posing as the Red Cross selling fake antibody tests, as warned by Frodsham Police on Twitter earlier this year. It’s important not to let anybody into your home or buy anything from a stranger unless you can verify their identity.
How can I protect myself against coronavirus scams?
Having a strong password policy is vital for keeping your business safe. At Netstar, we recommend using non-expiring, long and complex passwords from a random password generator. These should be 14-16 characters long and include a mix of numbers, letters and symbols, for example: pwd : ]2S)ScZ\:n)K4>jd.
You should use a different password for each system, with a password manager to keep all passwords organised and secure. We also recommend using two-factor authentication to protect yourself from being hacked, and dark web monitoring to alert you to potential breaches.
For more information on how to improve your password policy, please speak to your Business Technology Advisor.
Spotting a scam email:
Below are the signs to look out for when checking whether an email is genuine.
Signs to look out for:
- Check the sender’s email address, particularly for misspellings or random numbers/letters
- Look before you click – hover your mouse over a link before clicking to see the full link address; if it looks suspicious, don’t click
- Check for errors in spelling and grammar
- Look at the images – is the brand’s logo clear and exactly as it appears on their website? If not, don’t click
- What salutation does the email use and is it addressed to the right name?
- If highly urgent or threatening language is used, be wary; hackers often use this as a tool to make people panic and act before thinking
- Check the email signature; a legitimate company will always have contact details at the end of an email
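The first two signs in this list (the sender's address and the real destination of a link) can also be checked automatically. The following Python code is an added example, not Netstar's own tooling; the brand-to-domain map and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
# Assumed brand-to-domain map, and a constructed sample (.example is a reserved TLD).
KNOWN_BRANDS = {"world health organization": "who.int"}
SAMPLE = """\
From: World Health Organization <advice@who-advice.example>
Content-Type: text/html; charset="utf-8"

<p>Read <a href="http://who-advice.example/login">https://www.who.int/advice</a></p>
"""

def host_of(text):  # hostname if text looks like a URL or bare domain, else None
    try:
        host = urlparse(text if "://" in text else "//" + text).hostname or ""
    except ValueError:
        return None
    return host.removeprefix("www.") if "." in host and " " not in host else None

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False  # links: [href, visible text] pairs
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"

def check_email(raw):  # returns warnings for sender and link mismatches
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg["From"] or ""))
    sender, findings = addr.rpartition("@")[2].lower(), []
    for brand, domain in KNOWN_BRANDS.items():
        if brand in name.lower() and not ("." + sender).endswith("." + domain):
            findings.append(f"sender claims '{brand}' but mails from {sender}")
    body = msg.get_body(preferencelist=("html",))
    parser = LinkCollector()
    parser.feed(body.get_content() if body else "")
    for href, text in parser.links:
        shown, target = host_of(text.strip()), host_of(href)
        if shown and target and shown != target:
            findings.append(f"link shows {shown} but goes to {target}")
    return findings
```

Calling `check_email(SAMPLE)` reports both the display-name mismatch and the link whose visible text names one site while its address points to another, which is what hovering over the link reveals by hand.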
If you’re in doubt about the legitimacy of an email, don’t open it and definitely don’t click on any links or input any information! Check directly with the company or person who supposedly sent the email and confirm whether it’s genuine or a scam before taking any action.
These signs to look out for can also be applied to scams via SMS. For telephone and door knocking scams, be sure not to give away any personal or financial information without being able to prove the person’s identity. Again, if you’re unsure, politely decline and don’t risk being scammed.
Security awareness training
Security awareness training has been proven to reduce cyber-attack incidents by over 80% and is essential to ensure the cyber security of any business. The training will further educate staff on signs to look out for and how to avoid being scammed.
Keeping your business safe and secure is fundamental. It’s important to educate staff on the different types of scams to look out for and what to do if they think they’re being scammed.