Criminals will use any opportunity they can to take money from innocent people. This includes exploiting tragedies and global emergencies, such as the COVID-19 pandemic, to scam people in a variety of ways. The number of these scams is only likely to increase and we need individuals and businesses to be fully aware and prepared.
As more people stay indoors and work from computers and laptops at home, there is more opportunity for criminals to try and trick people into parting with their money at a time when they are anxious and uncertain about the future.
We have already received nearly 400 reports of fraud related to COVID-19, the majority of which are online shopping scams where people have ordered protective face masks, hand sanitiser, and other products, which have never arrived. We have also seen a large number of phishing emails and texts circulating that use COVID-19 as a hook and try to get recipients to click on links or attachments which harvest information and lead to the individual revealing personal or financial details.
Is fraud rising?
While the number of reports of fraud in general is not increasing, we are warning people that the current social situation we find ourselves in could lead to any number of fraud types increasing as this immediate public health crisis unfolds. We are advising people to be particularly vigilant around:
- Computer Software Service Fraud – as more people work from home, fraudsters may capitalise on slow networks and IT problems, to commit computer software service fraud. Be wary of cold calls or unsolicited emails offering you help with your device or to fix a problem. Attached is a helpful graphic with protection advice.
- Mandate Fraud – with more people working at home, it may be easier for fraudsters to impersonate senior decision makers, with seemingly valid reasons why they cannot be contacted, and request a change in a direct debit, standing order or bank transfer mandate, by purporting to be an organisation you make regular payments to. The change they ask you to make will divert funds to their own bank account. Attached is a helpful graphic with protection advice.
Advice for businesses with regard to people working from home
Many organisations are either moving to working remotely for the first time or significantly increasing it, and this presents a number of cyber security challenges. Advice on how to respond to those challenges is set out in the NCSC’s working from home guidance.
There are a number of practical steps organisations can take to reduce the risk including:
- Supporting people to use stronger passwords and setting up two-factor authentication.
- Ensuring staff know how to report problems, especially those related to security.
- Creating ‘How do I’ guides for new software and tools staff may be using.
- Using VPNs to allow users to securely access the organisation’s IT services.
- Ensuring devices encrypt data whilst at rest.
Some organisations may be allowing staff to use their own devices to work remotely. In this case, please refer to the NCSC’s Bring Your Own Device (BYOD) guidance.
In addition to following the guidance set out above, it is worth being aware of phishing emails which trick users into clicking on a bad link. Once clicked, the user is sent to a website which could download malware onto their computer, or steal passwords. We know that cyber criminals are opportunistic and will look to take advantage of people’s fears, and there is evidence that the coronavirus outbreak is being exploited in this way.
Those who do fall victim shouldn’t feel bad – these scams can be extremely convincing – but what they should do as quickly as possible is report it to their IT department when the incident is work-related or to Action Fraud when it is personal. They can also open their antivirus (AV) software, if installed, and run a full scan, following any instructions given. If they’ve been tricked into providing a password, they should change their passwords on all their other accounts. The NCSC’s guidance on suspicious emails provides more tips on this.
To report a fraud please follow this link: https://www.actionfraud.police.uk/
Phishing emails can be forwarded to NFIBPhishing@cityoflondon.police.uk or via https://www.actionfraud.police.uk/report-phishing