This content was reviewed June 2020
The current climate has seen the people of the UK come together to do some amazing things to support and help each other through the crisis we currently face. Sadly, not all individuals have altruistic motives at heart and shockingly, we have seen a rise in scam emails, texts and calls looking to exploit the current situation.
Most of these are a type of phishing (or smishing in the case of SMS based scams) which is used by cyber criminals to access valuable information, such as usernames, passwords or account details. Senders will typically ask you to click a link to a website which has been designed to harvest credentials, or open an attachment – which is usually malware (malicious software) – which then infects devices.
With businesses and employees continuing to work from home during the COVID-19 pandemic, there has been an increase in online business scams. Many businesses are facing new cyber security challenges, as employees use new software and devices at home.
Scams like tax refund fraud can lead to huge financial losses for businesses, and in some cases can lead to reputational damage if criminals go on to defraud a business’ customers.
The National Trading Standards Scams Team has launched a new Businesses Against Scams campaign. It aims to highlight business scams to organisations and employees who have found themselves operating in different working environments. You can access online training modules that show employees how to spot scams and report them.
Common scams targeting businesses
Here’s the four most common scams your business may come across, and how you can defend yourself:
Government grant/tax refund schemes
What is it?
Businesses have been contacted by government imposters suggesting they might qualify for a special COVID-19 government grant or tax refund.
What to do:
You should be cautious about any unexpected communications offering financial assistance. Use official government websites to verify the information.
What is it?
Someone may contact you claiming to be from a supplier, stating their bank details have changed and asking you to change payment details.
What to do:
You should never rush payments. Use contact details that you already hold or that have been obtained independently. Don’t call the number or reply with your email details, as this may be fraudulent.
What is it?
This scam targets company directors or senior managers, whereby an employee receives a call from someone claiming to be a senior member of staff, asking for an urgent payment to a new account.
What to do:
You should be cautious about unexpected urgent requests for payments. Check the request directly if possible.
Tech support scams
What is it?
Cyber criminals are impersonating well-known companies and offering to repair devices. By trying to gain access to your computer or login details, they can search the hard drive for valuable information.
What to do:
Always check that the bank or payment website you’re using is secure. A small padlock beside the web address indicates the site is secure. Genuine companies will never call you and ask for financial information, so always be suspicious of cold callers.
Most of these are a type of phishing (or ‘smishing’ in the case of SMS based scams), which is used by cyber criminals to access valuable information, such as usernames, passwords or account details. Senders will typically ask you to click a link to a website that has been designed to harvest credentials, or open an attachment – which is usually malware (malicious software) – which then infects devices.
Examples of scams
Countless scams have attempted to defraud businesses during this time, so you should be vigilant. Here are some examples of scams that have been reported during the crisis:
HMRC – ‘Tax Refund’ scam and ‘Goodwill Payment’ scam
Emails have been in circulation informing people that the Government has taken urgent steps to list coronavirus as a notifiable disease in law and you are due a tax refund. This is not true and is a scam to get you to submit details to the criminal who sent the email or to get you to click on a link. A similar scam touting a ‘Goodwill Payment’ has also been reported by the Met Police.
WHO – ‘Stay Safe’ scam
This scam is commonly seen via email and informs the recipient that they can read a free guide containing advice on staying safe during the pandemic from the World Health Organisation (WHO). The email is not from WHO; the link is a ploy by criminals to obtain the users details and should not be trusted.
UK Government – ‘Lockdown Fines’ scam
There have been reports of bogus text messages, seemingly from the UK Government, saying that you have been fined for being out of your home during the current lockdown. The scam attempts to solicit payment from you. Do not reply or click on any links.
Other cyber crime scams
Scams have also been reported relating to free school meals and the sale of in demand products such as hand sanitiser and face masks.
How to protect yourself
‘Scams are despicable at any time, but particularly so if they seek to exploit the COVID-19 pandemic,’ says Paul Scully, Small Business Minister. ‘As businesses adopt new working practices in response to the outbreak, it is important they stay vigilant against scams.’
Be wary of messages that:
- are unsolicited and claim to be from a credible organisation, such as a bank or a credit card company or from a government department
- do not use your proper name, but instead have a vague greeting such as “Dear customer” or “Dear Sir/Madam”
- request your personal information such as username, password or bank details
- are poorly written or contain spelling mistakes (not all of them do though)
The government offers advice and guidance on how to protect yourself and your business from fraud and cyber crime. Here are steps you can take to verify information and avoid scams:
- Forward suspicious emails claiming to be from HMRC to [email protected] and texts to 60599. Check HMRC-related phishing, or bogus, emails or text messages against examples published on GOV.UK.
- Check that the sender’s email domain – the part of the email address after the ‘@’ symbol – matches what you would expect. You can see this by hovering over the email on a computer or by tapping the senders name on a mobile device.
- Hover over any buttons or URLs (web address) and check that the destination showing at the bottom of your browser is what you would expect. If it isn’t, do not click the link.
- Do not open or forward emails which you suspect might be a scam
- Never visit a website from a link in an email and then enter your personal details, as the email (or text) could be from a fraudulent source
What you can do
Report the crime via the ActionFraud website or by calling 0300 123 2040. If you live in Scotland, please report directly to Police Scotland by calling 101.
You can check the credibility of a communication from the government via their website.
You can also follow Action Fraud on Twitter for up-to-date information on COVID-19 fraud.
Your best defence against cyber-attacks
Protect against unseen threats. Help your business stay in the clear with cyber security support and advice you can trust, backed up by cyber insurance designed for small businesses.