COVID-19 Fraud Trends and Cyber Threats
History tells us that where there is fear, anxiety and vulnerability, there is exploitation. Fraudsters thrive on vulnerability, human curiosity and error.
Since the start of 2020, COVID-19 has caused widespread disruption across the world. Organisations have either shut down or have been forced to adopt unprecedented changes to the way they operate. This is why we need to remain as vigilant as ever, and why TenIntelligence has launched a campaign to help spread awareness of just some of the emerging fraud trends and cyber-enabled crimes arising during this time.
Highlighted here is a selection of fake awareness emails and text messages encouraging end users to click on a link. These links will inevitably put the user in difficulty, either by downloading harmful malware or by sharing personal information, including banking details, with the awaiting fraudsters.
Some of you may have already seen or experienced these, and many of you will thankfully have spotted them. Yet not everyone will spot them, especially the most vulnerable, as many of these scams look very authentic to the untrained or unsuspecting eye. They will often include well-known logos such as that of the WHO or, in some scams that we have recently seen, the recipient’s actual company logo. They look authentic, especially if you have recently registered your email address with HMRC for furlough reasons. Many people might actually anticipate receiving correspondence from the Government and, unfortunately, click on these links.
We are all probably ordering a lot more goods and products online, from auction sites and shopping sources. Be careful. Always check the seller’s details, verify the origin, and especially look at the feedback reviews, looking for negative customer comments. “If it is too good to be true, it probably is” and “you pay for what you get”. Or in some of these cases, what you don’t get.
You might also be buying counterfeit goods, which are a danger to your safety. There have been examples of counterfeit “sanitisers” that actually use bleach instead of alcohol, causing significant burn injuries to hands.
Watch out for cyber threats and share these emerging fraud trends:
- Phishing emails advising that the recipient’s mailbox is full but that they can increase their storage space “free of charge” by clicking on the link provided
- Corona tracking apps and the new “Track & Trace” contact phishing scams
- Emails and text messages to parents/carers offering free school meals for their children subject to providing their bank details
- Unregistered Charities and “GoFundMe” style pages requesting financial donations and sponsorship for COVID-19 related projects
- Increase in fake grant & funding businesses
- Fraudsters requesting advance fees to assist with emergency supply chain procurement then disappearing once payment has been made
- Emails offering TV Licence refunds and supermarket delivery slots
- Fake websites selling personal protective equipment and supplies
- Access to “free” webinars, online courses subject to providing personal & banking details
- An increase in PlayStation, console & game-based malware
- Illegal selling of NHS prescription medicines
- Delivery service phishing emails with DHL, FedEx and UPS logos
- Fake payroll and document signing links within emails
- Fraudulent streaming sites with insecure payment pages
- Department of Education free IT equipment emails
- Data breaches relating to remote working and unauthorised access to personal information
- There are concerns about unprotected devices that would not be permitted in the workplace being used by employees working at home
- Disgruntled furloughed/redundant employees stealing company information such as client lists and proposals
- With call centres moving to home working, there are concerns that organised crime groups will look to exploit this
If you receive a suspicious email, report it to the National Cyber Security Centre (NCSC) at email@example.com.
Prevention methods to keep you, your family and teams secure:
- Awareness is key. Ensure all colleagues know about these frauds. Keep talking with and listening to your employees; understand and, where possible, support them with their challenges
- If a suspicion of fraud has arisen, trust your instincts and develop the next course of action
- Notify your bank immediately if you see any unusual activity on your account
- Ensure that remote laptop and device systems are updated and regularly update all antivirus software platforms
- When you are finished working, do not just close the lid of your laptop without shutting down properly, as most laptops initiate the updates when they go through this shutdown process
- Secure your home Wi-Fi network, ensure your device firewalls are on and, if possible, switch on a trusted Virtual Private Network (VPN)
- PLEASE make sure you are not using the default password written on your Wi-Fi router, as these can easily be found online
- Apply strong passwords and implement two-factor authentication on all devices. A strong password could be a memorable sentence that only you know
- Liaise with your team members and share experiences of suspicious activity
- Verify all invoices, as well as requests to change bank account details
- Implement checks and measures. Verify and review, check with a colleague, do not be afraid to escalate the issue
- Review financial transactions to check for inconsistencies and errors, such as misspelt names of payees
- To check if a request is legitimate, contact the supplier directly using established contact details you have on file, preferably by phone. Do not just reply by email, in case the email address has been compromised or is monitored by the fraudster
- Access to sensitive financial information should be carefully controlled
- Dispose of confidential documents, especially at home, by cross-shredding them. Do not just throw them in the bin
- Perform background checks and due diligence on all new third parties to help reduce the likelihood of fraud
If you have been affected by any of these scams, please visit www.tenintel.com/investigations, where you can find out how we support clients with fraud investigation, data privacy, cyber security and digital forensics support.
Or contact us at firstname.lastname@example.org and we can talk through your options.