Fraud and cyber crime awareness during the Coronavirus outbreak
27 March 2020
How can you protect yourself and your business from potential financial losses due to coronavirus-related fraud?
This page was updated on 2 December 2021.
Updates:
December 2021 - Omicron PCR tests
There have recently been reports of social media posts purporting to offer Omicron PCR tests in order to avoid restrictions. This is a scam and businesses should continue to follow the guidance on the government website www.gov.uk/coronavirus
September 2021 - NHS COVID Pass Fraud
Criminals are using the NHS COVID Pass as a way to target the public by convincing them to hand over money, financial details and personal information. They are sending imitation text messages, emails and making phone calls pretending to be from the NHS, and offering fake vaccine certificates for sale online and through social media. Please remember that the NHS COVID Pass is free and the NHS will never ask for payment or any financial details. More information is available on the government website.
April 2021
Fraudulent letters telling businesses that, by law, they need to purchase air purifiers to comply with COVID-19 rules
Certain businesses have recently received a letter, purporting to come from the Department for Business, Energy and Industrial Strategy (BEIS), stating it is a legal requirement for air purifiers to be installed as part of the Government’s roadmap out of lockdown. The letter includes an offer to sell such purifiers to the recipient with a request for company details. These letters are entirely false and BEIS is currently investigating the matter. There is no legal requirement for businesses to install such purifiers.
Any business receiving such a letter has been advised to report it to Action Fraud - Reporting fraud and cyber crime | Action Fraud.
Scam targeting the Self-Employment Income Support Scheme (SEISS)
Recently, certain individuals have also received messages requesting personal info e.g. from a passport or Driving Licence, in order to obtain a ‘SEISS tax refund’. The Department for Business, Energy and Industrial Strategy (BEIS) has advised the public that this is a scam and they should delete the message. Guidance and resources to help you identify HMRC related scam phone calls, emails and text messages are available on the government website.
January 2021 - COVID-19 Vaccine Fraud
The Government's Counter Fraud Function is warning the public to remain vigilant as criminals are using the COVID-19 vaccine as a way to commit fraud.
Individuals are advised that the NHS will never:
- ask you for your bank account or card details as the vaccine is provided free of charge
- ask you for your PIN or banking password
- arrive unannounced at your home to administer the vaccine
- ask you to prove your identity by sending copies of personal documents such as your passport, driving licence, bills or payslips.
If you receive a call you believe to be fraudulent, you should hang up.
If you are suspicious about an email you have received, you should forward it to report@phishing.gov.uk whilst any suspicious text messages should be forwarded to the number 7726 which is free of charge.
Cybercrime awareness during the pandemic
Throughout the COVID-19 pandemic, the public has been encouraged to be extra vigilant and extremely cautious when sharing personal and financial details online.
Common online scams include:
- Government impersonation fraud (including impersonation of other established organisations such as the World Health Organisation)
- Online shopping fraud
- Computer software service fraud and
- Mandate Fraud
During these past few months, there has been a resurgence of fraudulent government websites trying to capitalise on the emergency measures and schemes being announced to support businesses and individuals.
Most recently, phishing emails seeking to target those eligible for the extended business support grants have also been reported.
In all cases, it is advised to follow the Stop. Challenge. Protect. technique to minimise and mitigate the risk created by criminals impersonating people, businesses, other organisations, government and the police.
Specifically, for each type of fraud, you should consider the following:
Government impersonation fraud
For fraud relating to government pages please be aware of the following:
- HMRC has publicised examples of multiple channels used for scams, these include an email phishing campaign, SMS messages, bogus phone calls, social media, WhatsApp messages and fake websites. You can find examples with recommendations from HMRC here.
- HMRC will never send notifications by email about tax rebates or refunds.
- HMRC will never ask for personal or financial information when they send text messages.
- HMRC will never use ‘WhatsApp’ to contact customers about a tax refund.
- The government has released examples of scam emails relating to free school meals requesting from parents/carers to respond with their bank details in order to be supported. These are not genuine and parents/carers are urged to not respond and delete immediately.
- Check the page’s URL. The government’s official website has a “gov.uk” URL and not a “.com” one.
- Check the spelling in the URL. Fraudulent webpages have included ones listed as uk-covid-19-relieve.com
- Check the links on the suspicious page. If clicking on other links around the page does not lead to new pages, there is a high chance that this is a fraudulent webpage.
The official government website is: www.gov.uk
The COVID-19 outbreak has also seen a rise in fraudulent web pages and communications impersonating other established organisations such as the WHO, the US Centre for Disease Control (CDC), as well as John Hopkins University (JHU). The WHO has ever since released guidance to support the international community spot suspicious emails and messaging relating to the organisation. Information has also been released to inform the public of the malicious website “corona-virus-map[dot]com” simulating JHU’s map for Coronavirus COVID-19 Global Cases.
Online shopping fraud
- Conduct research before making a purchase from an unknown person or business and seek advice from your family and friends
- Challenge questionable emails and never respond to any requesting personal or financial details
- Avoid using bank transfer as the payment method as this provides less protection in the event that you fall victim of an online fraud. Opt for a credit card or trusted online payments systems like PayPal
- If a payment has been made and you suspect fraud, inform your bank as soon as possible
During March 2020, Action Fraud reported a 400% increase in Coronavirus related fraud and has therefore urged the public to be extra vigilant.
Alongside the medical and healthcare sector, cyber-attacks have also been reported in the global shipping industry with coronavirus-related communications containing malicious attachments being received. Extreme caution has therefore been advised for employers and employees working in the sector.
On Jun 15 2020, research by Citizens Advice revealed that more than 35% of the British population had been targeted by a scammer during the COVID-19 lockdown.
Computer software service fraud
- Never install software or grant remote access following a cold call from an unknown source. If you have, seek technical support from a trusted source.
- In all cases, if in need of technical support, avoid services promoted via browser pop-ups and opt for sources like friends and family as a first point of contact
- Remember that genuine organisations will never contact you randomly to request banking details (PIN, passwords etc.)
Mandate Fraud
- Check and verify requests to transfer payments into new bank accounts
- Ensure secure storage of sensitive financial information and allow access only to designated employees.
- Establish internal processes to ensure only assigned employees have access to change payment arrangements
Government guidance can be seen here. The government has also released a list of sources parents/carers can utilise to ensure children’s safety online. Additional advice can be seen via End Violence Against Children's, Stay Safe Online page.
Additional Resources
News
Genuine HMRC contact and recognising phishing emails
Read more
Cybersecurity basics
A guide to how SMEs can protect themselves
Read more
Self-assessment tool
This tool can help sole traders and micro-businesses check how safe they are from cyber threats.
Read more
Cybersecurity and remote working
Key recommendations on how to stay secure when working outside the office.
Read more
Phishing attacks - Guidance
How to spot and deal with suspicious emails, and what to do if you've already clicked
View
Police CyberAlarm
A free tool helping organisations monitor and report any malicious activity they face online.
Read more
GM Cyber Resilience Centre
Resources to improve your cyber awareness and start your journey to becoming cyber resilient
View
Citizens Advice - Blog
Why it’s so important to be #ScamAware
Read moreVisit our FAQs page for more Coronavirus Business related information
The information provided is meant as a general guide only rather than advice or assurance. GC Business Growth Hub does not guarantee the accuracy or completeness of this information and professional guidance should be sought on all aspects of business planning and responses to the coronavirus. Use of this guide and toolkit are entirely at the risk of the user. Any hyperlinks from this document are to external resources not connected to the GC Business Growth Hub and The Growth Company is not responsible for the content within any hyperlinked site.