How can you protect yourself and your business from potential financial losses due to coronavirus-related fraud?
This page was updated on 17 September 2021.
September 2021 update:
NHS COVID Pass Fraud
Criminals are using the NHS COVID Pass as a way to target the public by convincing them to hand over money, financial details and personal information. They are sending imitation text messages, emails and making phone calls pretending to be from the NHS, and offering fake vaccine certificates for sale online and through social media. Please remember that the NHS COVID Pass is free and the NHS will never ask for payment or any financial details. More information is available on the government website.
April 2021 update:
Fraudulent letters telling businesses that, by law, they need to purchase air purifiers to comply with COVID-19 rules
Certain businesses have recently received a letter, purporting to come from the Department for Business, Energy and Industrial Strategy (BEIS), stating it is a legal requirement for air purifiers to be installed as part of the Government’s roadmap out of lockdown. The letter includes an offer to sell such purifiers to the recipient with a request for company details. These letters are entirely false and BEIS is currently investigating the matter. There is no legal requirement for businesses to install such purifiers.
Any business receiving such a letter has been advised to report it to Action Fraud - Reporting fraud and cyber crime | Action Fraud.
Scam targeting the Self-Employment Income Support Scheme (SEISS)
Recently, certain individuals have also received messages requesting personal info e.g. from a passport or Driving Licence, in order to obtain a ‘SEISS tax refund’. The Department for Business, Energy and Industrial Strategy (BEIS) has advised the public that this is a scam and they should delete the message. Guidance and resources to help you identify HMRC related scam phone calls, emails and text messages are available on the government website.
January 2021 update
COVID-19 Vaccine Fraud
The Government's Counter Fraud Function is warning the public to remain vigilant as criminals are using the COVID-19 vaccine as a way to commit fraud.
Individuals are advised that the NHS will never:
- ask you for your bank account or card details as the vaccine is provided free of charge
- ask you for your PIN or banking password
- arrive unannounced at your home to administer the vaccine
- ask you to prove your identity by sending copies of personal documents such as your passport, driving licence, bills or payslips.
If you receive a call you believe to be fraudulent, you should hang up.
If you are suspicious about an email you have received, you should forward it to firstname.lastname@example.org whilst any suspicious text messages should be forwarded to the number 7726 which is free of charge.
Cybercrime awareness during the pandemic
Throughout the COVID-19 pandemic, the public has been encouraged to be extra vigilant and extremely cautious when sharing personal and financial details online.
Common online scams include:
- Government impersonation fraud (including impersonation of other established organisations such as the World Health Organisation)
- Online shopping fraud
- Computer software service fraud and
- Mandate Fraud
During these past few months, there has been a resurgence of fraudulent government websites trying to capitalise on the emergency measures and schemes being announced to support businesses and individuals.
Most recently, phishing emails seeking to target those eligible for the extended business support grants have also been reported.
In all cases, it is advised to follow the Stop. Challenge. Protect. technique to minimise and mitigate the risk created by criminals impersonating people, businesses, other organisations, government and the police.
Specifically, for each type of fraud, you should consider the following:
Government impersonation fraud
For fraud relating to government pages please be aware of the following:
- HMRC has publicised examples of multiple channels used for scams, these include an email phishing campaign, SMS messages, bogus phone calls, social media, WhatsApp messages and fake websites. You can find examples with recommendations from HMRC here.
- HMRC will never send notifications by email about tax rebates or refunds.
- HMRC will never ask for personal or financial information when they send text messages.
- HMRC will never use ‘WhatsApp’ to contact customers about a tax refund.
- The government has released examples of scam emails relating to free school meals requesting from parents/carers to respond with their bank details in order to be supported. These are not genuine and parents/carers are urged to not respond and delete immediately.
- Check the page’s URL. The government’s official website has a “gov.uk” URL and not a “.com” one.
- Check the spelling in the URL. Fraudulent webpages have included ones listed as uk-covid-19-relieve.com
- Check the links on the suspicious page. If clicking on other links around the page does not lead to new pages, there is a high chance that this is a fraudulent webpage.
The official government website is: www.gov.uk
The COVID-19 outbreak has also seen a rise in fraudulent web pages and communications impersonating other established organisations such as the WHO, the US Centre for Disease Control (CDC), as well as John Hopkins University (JHU). The WHO has ever since released guidance to support the international community spot suspicious emails and messaging relating to the organisation. Information has also been released to inform the public of the malicious website “corona-virus-map[dot]com” simulating JHU’s map for Coronavirus COVID-19 Global Cases.
Online shopping fraud
- Conduct research before making a purchase from an unknown person or business and seek advice from your family and friends
- Challenge questionable emails and never respond to any requesting personal or financial details
- Avoid using bank transfer as the payment method as this provides less protection in the event that you fall victim of an online fraud. Opt for a credit card or trusted online payments systems like PayPal
- If a payment has been made and you suspect fraud, inform your bank as soon as possible
During March 2020, Action Fraud reported a 400% increase in Coronavirus related fraud and has therefore urged the public to be extra vigilant.
Alongside the medical and healthcare sector, cyber-attacks have also been reported in the global shipping industry with coronavirus-related communications containing malicious attachments being received. Extreme caution has therefore been advised for employers and employees working in the sector.
On Jun 15 2020, research by Citizens Advice revealed that more than 35% of the British population had been targeted by a scammer during the COVID-19 lockdown.
Computer software service fraud
- Never install software or grant remote access following a cold call from an unknown source. If you have, seek technical support from a trusted source.
- In all cases, if in need of technical support, avoid services promoted via browser pop-ups and opt for sources like friends and family as a first point of contact
- Remember that genuine organisations will never contact you randomly to request banking details (PIN, passwords etc.)
- Check and verify requests to transfer payments into new bank accounts
- Ensure secure storage of sensitive financial information and allow access only to designated employees.
- Establish internal processes to ensure only assigned employees have access to change payment arrangements
Government guidance can be seen here. The government has also released a list of sources parents/carers can utilise to ensure children’s safety online. Additional advice can be seen via End Violence Against Children's, Stay Safe Online page.
Visit our FAQs page for more Coronavirus Business related information