The Coronavirus outbreak has initiated new types of scam
activity with criminals exploiting the current situation. These are circulating
in a variety of formats which we will highlight within this article, alongside
some advice on how to spot and deal with them.
Smishing
Smishing is fraud by means of text message. Criminals
attempt to trick you by sending a text message that often includes a fake
website or they try to obtain financial or personal information, such as
passwords and bank details.
There have been reports of individuals receiving these from
what appears to be a government department, banks or other trusted
organisations during the coronavirus outbreak.
Criminals can use a technique called spoofing alongside this
which can make a message appear in a chain of texts alongside genuine messages
from that organisation. A good example of this is a recent scam where
individuals received a message from the ‘UKGOV’ fining people for being out of
their homes. This sat in the same thread as a genuine message received by all
to ‘stay home’.
Phishing
Phishing is fraud by email and again attempts to trick
people into opening malicious links or attachments which could lead to
fraudsters stealing personal information, logins and passwords.
Whilst always a threat, there appears to be more
specifically coronavirus themed scams that you should be particularly wary of. These
include people offering help and free services during the pandemic. For
example, HMRC appearing to offer tax breaks and another claiming to be Netflix
offering a free pass for the duration of isolation.
Vishing
Vishing is fraud by means of telephone where a cold call is
received aimed at extracting personal information and details from you. The
scammers often impersonate someone from a trusted organisation to manipulate
you into transferring money or providing personal/financial details.
Scammers have been utilising this avenue to make calls
claiming to be from a claims management company or insurance company, saying
they can help you recuperate losses for the cost of a holiday or an event
cancelled due to the coronavirus. Also, other scams are circulating, claiming to
be your bank and stating that they are in trouble due to the coronavirus and
therefore encouraging you to transfer your money to a safer place.
Online activity
There are many other avenues that cyber criminals are also exploiting,
including adverts on social media channels, encouraging donations to the
pandemic which are unfortunately sometimes fake.
There have also been reports of fraudulent activity around the sale
of masks and hand sanitisers that then never arrive.
It has also been reported that some apps are being hacked, with
cyber criminals using these apps as a route into further data stored on your
device, including passwords, emails and banking details.
How to detect and avoid these scams
The government ‘take five’ campaign issues the following advice to
help prevent these scams:
·
STOP:
Take a moment to
stop and think before parting with any money or information
·
CHALLENGE:
Think, could it
be fake? It is ok to reject, refuse or ignore any requests. Only criminals
would try to rush or panic you.
·
PROTECT:
Contact your bank
immediately if you think you have fallen victim to a scam or report it to
Action Fraud on 0300 123 2040
Below are some additional steps you can take to further protect
yourself:
Do not open attachments or click
on links from untrusted users.
Do not give out any personal
details. If you are unsure, ask if you can call or contact the trusted
organisation by using contact details that you know are correct.
Hover your mouse over the ‘from’
address on any emails you receive to check whether it has been sent from a
recognised email address and trusted user. If it has not, then delete the email
immediately and block the sender. However, please be aware that these criminals
are getting more sophisticated, so sometimes the email address will not change
even when they are spoofing a genuine email from your bank etc.
If you are making any online
purchases, use a credit card where possible as they have better protection
should fraud occur.
Do not use the same password for
all platforms. For example, if you used the same password for a video-calling
app as your bank, then should someone hack through this app then they then have
an increased chance of accessing your bank.