Scamming during COVID-19
17th April 2020
Until the 8 March there had been very few email scamming attacks based on the Covid-19 virus. Since then there has been a significant increase in the number of scams. Interestingly, this increase correlates with the number of searches being made for the same subject as reported by Googletrends. It now appears that scammers keep a watchful eye on these trends looking for an opportunity to change their point of attack when one presents itself.
Whilst you may receive emails in your personal inbox which makes claims that the Government requires your bank details so money related to free school meals can be transferred to you, HMRC is contacting you as have a tax refund waiting to be deposited, your bank is asking you to confirm your account details as they have noticed suspicious activity taking place or emails are received from criminals disguising themselves as an organisation.
Even if you don’t receive any of these emails you might be contacted by telephone with the caller offering coronavirus testing kits and/or protective equipment; or even receive a call telling you your internet is going to be cut off in 24 hours because you’ve been hacked or a payment has not been taken due to circumstances related to the current crisis. These calls need to be treated with the same high degree of caution as you would with an email.
Although you need to be cautious with emails received in your personal inbox, should you receive an email similar to any of those described above, it is likely that those you might receive in your organisational inbox will involve a different type of scam.
With a majority of the population working from home, the scammers are using this to their advantage. There are a number of examples currently being seen of Business Email Compromise (BEC) attempts; these include requests for payment where new bank account details are being provided which differ from the usual payment credentials, a simple request to change bank details necessary due to Covid-19 or an individual is asking for their wages to be paid into a different bank account. These scams all require payment being made to an account other than that currently held.
In a different scenario the scammer emails with a request for you to use your own funds to purchase gift cards which are to be sent as a thank you to displaced workers. This scam often involves the gift cards being purchased online as stores will often limit the amount which can be purchased in a single purchase. As it is either not easy or possible to go out the scammers will ask for the codes to be emailed to them so that they can be forwarded to the respective individual. The scammers appears to have refined this type of scam to include only those stores which are currently considered to be providing essential goods. To compound this further, they will also ask the recipient for their own bank details so that they can recompense them for the purchase, further compounding the scam.
Another type of scam currently being seen is that of Credential Phishing where an attempt is made to retrieve information about the organisation through the use of fake documentation either as an attachment or a linked document in the email itself. Some even require the recipient to authenticate themselves to access the document which results in their own credentials being captured. Be cautious if you receive such a communication from an organisation such as the World Health Organisation or the UK Government.
Finally, an elaborate scam has been seen which purports to be providing a means of receiving a substantial grant to support your organisation during this current crisis. This scam involves a lengthy exchange of emails none of which request any financial details until such time as the victim is advised that the payment is to be made via a prepaid debit card which requires to be insured against loss before it can be dispatched. It is this payment request which is the actual scam and needless to say the grant never arrives but the insurance payment is taken.
In conclusion, scamming continues unabated but now with a different focus potentially dependant on what is trending in current internet searches, it is very much a case of “same meat, different gravy”. However it should be noted that of all the 73 million email messages which have been sent relating to Covid-19, less than 0.1% have been malicious. Although the number of these attacks has now flattened out, the frequency of receipt is expected to remain constant whilst the crisis continues.