Insights

COVID-19: A guide on Coronavirus and fraud – don’t become a victim

The coronavirus (COVID-19) has had an unprecedented effect on many countries around the world – and prompted a wide range of human responses.  We have witnessed some inspirational examples of people coming together to help the most vulnerable and, at the other extreme, we have also seen cybercriminals taking advantage of the pandemic.

What should you look out for?

To help members of the public protect themselves from becoming a victim of fraud, Cifas (the UK’s Fraud Prevention Service) advises the following:
  • Be sceptical – if you receive an email, text or WhatsApp message about coronavirus, never click on any attachments or links unless you are sure of the identity of the sender.  Be particularly wary of unsolicited communication;
  • Do not give money or personal information to websites or people you do not trust 100%. If you are approached, try to verify details and call the sender back via a number obtained from a different source;
  • Avoid emails or advertisements that urge you to ‘act now’. This sense of urgency is meant to pressure people into making irrational decisions;
  • Don’t allow yourself to be pressured into donating money, and never make donations by cash or gift card, or send money through transfer agents;
  • If you wish to donate money to charity organisations, do this by searching for their official websites or phone numbers, and not through advertisements or when approached. 
As well as this general advice, there are also steps you can take to protect yourself and your family in some specific situations that have emerged over the past few weeks.
 

Government financial package

We expect that fraudsters will be planning to benefit from the package of measures that the government has introduced to support those affected by the coronavirus outbreak – but not in the way that the Chancellor intended. 

Individuals and businesses owners, who find themselves in desperate need for help at this very difficult time, are likely to be particularly susceptible to scams. We have seen, even prior to the announcement of the new measures, evidence of tax refund and rebate scams using what seem to be authentic HMRC logos. In some cases, the fraudsters tried to spoof a genuine email address or change the ‘display name’ to make it appear genuine.

Remember, HMRC will never send notifications by email about tax rebates or refunds.

Check emails carefully and, if you are suspicious, do not:
  • visit the website;
  • open any attachments; or
  • disclose any personal or payment information. 
If you are unsure, forward the email to HMRC and then delete it.

Temporary office closures

If you have closed your office temporarily during the outbreak, there are some extra steps that you can take to protect yourself:
  • Test your alarm system before you leave the premises, ensure it is monitored and fully operational;
  • Identify any vulnerable areas and rectify them. Ensure security gates, bollards and fire exit doors have been secured prior to closure of the premises;
  • Ensure service doors are closed and locked when not in use;
  • Make sure you have list of key holders who can be contacted in times of emergency. Ensure your contact details for staff are up to date;
  • Consider moving high value items into secured stockrooms and out of view;
  • Ensure keys to the premises or other venues are not left inside and are instead with dedicated key holders;
  • Consider timer switches or ensure sufficient lighting is left on at the premises/surrounding area;
  • Ensure there are no combustible materials left in the proximity of the building, such as packaging, to reduce the risk of arson;
  • Review your CCTV to confirm it is operational, provides good quality images and is positioned to cover as much of the business premises as possible. You may wish to consider a mobile phone app that allows connectivity and a vocal capacity to engage with any intruder; and
  • Ensure that no cash is retained on the premises overnight (leave a note on the door stating that no cash or valuables are kept overnight) or store valuables in a security-accredited safe bolted to the floor. 

Working from home

Many businesses are now encouraging or instructing their staff to work from home to help stop the spread of coronavirus.  However, switching to remote working can create cybersecurity problems for both employers and employees.  As more of us are now working from home, the police have already reported seeing an increase in cyber-attacks.
 
Here are some tips to consider:
  • Consider changing default passwords on your home Wi-Fi router to a more complicated password to prevent hackers accessing your network;
  • Use strong and unique passwords on every account and device – consider using two-factor authentication (2FA), which requires you to provide a second piece of evidence (such as entering a code that has been sent to you by text message) to prove it is definitely you logging in. A good example of two-factor authentication is the withdrawing of money from an ATM; only the correct combination of a bank card (something the user possesses) and a PIN (something the user knows) allows the transaction to be carried out;
  • Software updates contain vital security patches – keep all devices, apps and operating systems up to date and make sure you are protected with appropriate anti-virus software;
  • If you are working in a more public place, use a privacy screen and tether from your phone instead of an untrusted Wi-Fi hotspot;
  • Only use software your company would typically use to share files. Refrain from using your personal email or third party services unless reliably informed otherwise;
  • Working from home can present additional risks as some of the checks and balances ordinarily applied in the workplace cannot be undertaken. Think of how additional remote checks can be undertaken, do not be tempted to reduce responsibilities, and ensure proper controls and monitoring procedures are maintained. 

Protecting your family

Parents need to be alert to the risks to children from additional online activity.  It is important that parents and carers remain vigilant and alert on behalf of their children.