Staying one step ahead of the COVID-19 scammers


    - by Stuart Fuller -

    We are now entering our third week of COVID-19 lockdown in the United Kingdom. The unprecedented situation we find ourselves in has had a far reaching impact on our lives and those of our families, friends, neighbours and communities. Whilst the UK Government is trying to protect aspects of our everyday lives that will see us through the crisis and out the other side, whenever that will be, the situation has unfortunately attracted that tiny section of society who will stop at nothing to try to exploit current events and the individuals who need help and protection the most.

    COVID-19 Brand Management

    These bad actors play on the vulnerabilities of those most impacted by the situation, using real information to offer fake hope in return for, in most instances, financial gain. There is an onus on businesses as a whole to take measures to try to protect consumers as well as the authorities to do as much as they can to investigate these fraudulent actions and bring the full weight of the law down on those who seek to financially benefit from the pandemic.

    With every day that passes, more stories emerge of the lengths that the fraudsters will go to, concocting elaborate schemes that fill the void between conjecture and reality. Consumers need to be aware of some of these scams. Whilst to many they seem too unbelievable to be true, the most vulnerable are often those in the greatest need and will be easily tricked into falling for these scams. Others are more sophisticated and elaborate but still have the same aim of trying to exploit the situation for financial gain.

    In the United Kingdom our fantastic key workers and essential staff now have to work remotely which means we are all more reliant on the digital world. We are fortunate that many of the digital services we use daily are safe and secure but that doesn’t make us immune to scams. In the past week here’s five examples of attempted fraudulent actions aimed at exploiting the current COVID-19 situation.

    SMS and WhatsApp messages

    Last week most mobile phone owners received a text message from the Government, delivered by their network operator, asking them to abide by the Government advice to stay indoors. Fraudsters have used those text messages to mask their nefarious actions in sending unsolicited text messages to random mobile numbers, including the original Government message and a subsequent one suggesting the recipient had been spotted transgressing the rules about leaving the house and was now subject to a fine, payable by clicking on a link in the text message, which took them to a webpage asking for their debit or credit card information. For good measure, the SMS ends with a message in support of the NHS.

    SMS and WhatsApp messages

    Coronavirus Government Funding check scams

    With the Government announcing ongoing financial aid packages to employers and the self-employed, the yet to be announced details have given fraudsters the perfect opportunity to put a scam in place whereby businesses are being called by a “Government Claims Team” who are ready and able to make payments for Furloughed workers – they just need the companies bank account details first. There is no such Government team making outbound calls to businesses – the onus will be on individual organisations to claim the payments not vice-versa.

    Internal IT Emails

    With the move to remote working, we are now more reliant on our colleagues than ever before. There will always be small issues that come up and whilst before we used to be able to go and see our local IT teams and ask them to troubleshoot, in our remote ways of working we could leave ourselves open to cyber security attacks. Random emails, looking like they have been sent internally will often include requests to verify details or update software by clicking on a link. At best the scammers will be looking to harvest login details, at worst the link will result in malware, spyware or even a ransomware attack being instigated. Now is a good time to remind all staff of the dangers of such attacks and the correct ways of working with your IT teams.

    Remote Access

    COVID-19 Vaccine Scams

    Whilst every day progress is made in finding treatments that mitigate and protect against the effects of COVID-19, there is no vaccine anywhere in the world today, nor is there likely to be one in the short-term. Some of the finest medical brains in the world are working night and day for global pharmaceutical companies to create the drugs that will eventually protect us all but for now we have to take the necessary precautions to mitigate our risks. Yet some fraudsters are peddling stories to the most vulnerable, claiming that they have the cure already and individuals can buy it direct from them before it is officially available. Not only will they be aiming to steal credit or debit card details but they may also try to obtain medical information from unsuspecting victims, which is far more valuable on the Dark Web than some financial information.

    Website and Email scams

    Whilst in the US there has been a number of scams related to emails posing to be from the World Health Organization asking individuals to click on a link confirming they are “safe” (and thus in the processes installing malware), the sheer number of COVID-19 domain names registered across the world in the last 30 days is a major concern.

    Many of these will be used for email phishing scams, a fact underlined by analysis firm Trend Micro who have reported that in the UK alone nearly 21% of all spam emails monitored during the period from 1st January to 27th March 2020 contained either the words COVID-19 or Corona in their subject line. Security firm Check Point reported that over 16,000 domain names featuring the word “COVID-19” had been registered so far this year. Many of these domain names will be for genuine use but on the flip side, many will be used for malicious purposes, as fraudsters try to add a look and feel of authenticity to their scams. Before you click on any links in emails containing COVID-19 information or directing you to websites claiming to be owned and run by major organisations using a URL with COVID-19 or Corona in the domain name, stop and check the authenticity.

    Countries Targeted Most by Malicious Spam

    We live in a new, dangerous world, at least for the time being. Our digital landscape should be free of risks but unfortunately there will always be bad actors out there look to exploit the vulnerable and the vulnerabilities. By using some common sense and thinking twice before acting when it comes to any matter related to COVID-19 you are not only protecting your own digital environment but potentially that of your colleagues and your organisation.

    Take care, stay indoors, be digitally savvy