- 1 June 2020
- Posted by: Danielle Donaldson
- Categories: Covid, Cyber Security
Coronavirus scams: How hackers are profiting from Covid-19
Many of us are worried about what coronavirus will bring next, but fraudsters are using it as an opportunity to profit. Cyber criminals have been preying on coronavirus fears since the pandemic began. Action Fraud, the UK’s online centre for reporting fraud and cyber crime, reported that £4.6 million had already been lost to coronavirus-related scams since lockdown. Security experts say a spike in email scams linked to coronavirus is the worst they have seen in years.
Reports of scam calls and texts as well as emails that come with links to malware or phishing sites relating to coronavirus are swamping the UK. Scammers are using it as an opportunity to steal your personal details and your money. So what should you look out for to avoid falling victim?
Here are some of the scams that have been reported and what to be aware of.
Fake Coronavirus calls to landlines or mobiles
A variety of fake calls have been reported, with fraudsters calling both home phones and mobiles. They’ve been pretending to be anything from the Government or your bank to your GP’s surgery or even the World Health Organisation (WHO). In some reported calls, scammers try to use the uncertainty of the market to con you out of your money. They may advise you to invest or transfer existing investments, including your pension. Or they may claim that your bank is in trouble due to the crisis and push you to transfer your money to a new bank with alternative banking details.
In other instances, the caller or recorded message may ask you to discuss your medical needs or offer you a coronavirus home test or may even offer a treatment. Their goal is to get you to speak to an operator to give them your personal information or financial details. Alternatively, they may ask you to press a button on your phone for more information that actually connects you to a premium number while charging you for the call.
Coronavirus Phishing emails
Researchers suspect that coronavirus may now be the biggest phishing topic ever. Barracuda Networks reported a 667% increase in malicious phishing emails during the pandemic. Google has also seen over 18 million hoax emails about Covid-19 being sent to Gmail users every day.
With phishing scams involving everything from refunds and bitcoin donations to surveys and fake PPE sales, consumers are being tricked into downloading malicious files, clicking on dangerous links or simply giving away sensitive information. Many of these phishing emails are obvious as they look amateur, while others are harder to spot. They can be well written and designed, have the right logos and even look like they have been sent from a WHO or HMRC email address. But they are potentially fake, trying to trick you into giving them control of your details or finances.
One phishing email that has made the rounds in several different forms impersonates TV Licensing. Many people have reported a scam circulating regarding a ‘COVID-19 Personalised Offer’ of six months free. Others state that your TV licence has expired and tell you to click on a link to renew. The links in these fraudulent emails usually look genuine, but are actually trying to steal your personal and financial details.
Other fraudulent emails include Tesco and Morrisons free grocery vouchers, or even government-branded emails asking for banking details in return for a coronavirus council tax rebate and even fake ‘HMRC’ tax refunds or demands for tax payment.
Fraudulent Covid-19 websites and fake sellers
Cyber criminals have been capitalising on the pandemic by tricking consumers into buying fake products and services. Security researchers Digital Shadows say that more than 1,400 domains linked to Covid-19 have been registered in the past three months. While many of those may well be legitimate, many are being used to trick consumers into thinking they’re genuine. As hackers continue to exploit the virus, there’s been a rise of ‘spoof’ streaming sites that look very convincing and lure unsuspecting consumers in with an offer of free subscriptions. More than 700 fake websites impersonating Netflix and Disney+ signup pages appeared in just one week. The aim of these sites is to harvest your data including names, addresses and other personal information as well as stealing your credit card details.
Action Fraud says the majority of reports it’s received are related to online shopping scams, where people have ordered face masks, hand sanitiser and other products which never arrived. Now with the requirement to wear masks on all public transport, expect to see an increase in the number of fake websites and social media posts offering ‘genuine’ PPE. Online shopping sites like eBay and Amazon, which were initially targeted by scammers selling fake products, have mostly been able to block them. But the scammers have moved on to social media sites like LinkedIn to sell their fake goods. Consumers have also been tricked into shopping on spoof websites that looked very similar to the original. UK-based mask seller Cambridge Mask Co. experienced several sites falsely claiming to be them. Fraudsters registered similar domains in which they switched or added a few letters in the URL in order to trick users into thinking it was the official site.
Fake Government calls and texts
Fake calls and texts claiming to be from the government have also been reported by Ofcom. Messages regarding receiving a COVID-19 ‘relief’ payment or that you’ve been fined for leaving your house or having too many visitors over have been received around the country. These are fake. Ignore and delete them and do not click on the links or attachments. Even if you get a message that looks like it’s genuine or from someone that you know but its content is suspicious (i.e. asking for personal details or to click on a link), ignore it. Criminals may be ‘spoofing’ you. There are many apps and sites out there where someone can disguise the number they’re calling or texting from by changing their caller ID to any number, even that of someone you know. They can even make a message appear in a chain of texts alongside previous genuine messages from a person or organisation.
Government’s Coronavirus tracking app phishing scam
Phishing scams based on the official coronavirus tracking app have already started making the rounds even though the app was delayed. Some people have received a text stating that someone they have come into contact with has tested positive for COVID-19 with a link included. Be wary, and do not click on the link. Fake texts will take users to a website where they are then asked to provide their personal information. The official NHS contact tracers will only ask for your name, date of birth and postcode and offer you advice. They won’t ask you for your bank details or social media accounts, to set up a PIN over the phone, to call a premium number, to download anything or to access a non-government website.
How to spot and avoid Coronavirus scams
So how can you protect yourself against these scams? Here are six things to look out for.
- Question unsolicited emails: Be wary of unsolicited emails or texts claiming to be from an organisation such as a bank, BT, Amazon, Netflix, PayPal, Microsoft or other trusted organisations such as the NHS or WHO. Always question unsolicited requests for your personal or financial information and check the sender’s email address to see if it looks suspicious. Don’t click the links in emails or texts and don’t call the phone numbers listed in the messages. If in doubt, call their customer service directly.
- It’s urgent: Phishing and smishing messages are designed to scare you into clicking on their links. If it’s really urgent, a company will most likely call you.
- Bad grammar and misspelling: Most official emails will have been proofread before being sent out so watch out for bad grammar, spelling mistakes and poor punctuation.
- No name: Legitimate emails from organisations you have accounts with will usually address you by name. Phishing emails are more generic and will usually address you with ‘Dear Sir’ or ‘Dear Customer’.
- Watch out for fake domains: With scammers setting up fake websites that look legitimate, how do you know what’s real? Double check the web address to make sure it hasn’t switched a letter or added a plural, as in the case of Cambridge Mask Co. Even if it all looks above board, the address may reveal it’s much less official. If in doubt, check out fullfact.org, a fact-checking website, to see if they’ve been reported.
- If it sounds too good to be true, it probably is: If a product or offer is too good, it’s probably a scam. Do your research and avoid a costly mistake.
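The ‘Watch out for fake domains’ check above (a switched letter or an added plural in the web address) can be automated for a list of sites you already trust. The Python below is an added example, not part of the original article; the trusted list and every domain in it are constructed placeholders, and the distance threshold of 2 is an assumption.

```python
from urllib.parse import urlsplit

# Hypothetical allowlist of sites the user really deals with (constructed names).
TRUSTED = ["example-masks.co.uk", "example-tv.co.uk"]


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: an insert, delete, substitution
    or swap of two adjacent characters each costs 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i in range(1, len(a) + 1):
        cur = [i] + [0] * len(b)
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "exmaple" for "example".
            if (i > 1 and j > 1 and a[i - 1] == b[j - 2]
                    and a[i - 2] == b[j - 1]):
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]


def host_of(url: str) -> str:
    """Extract the lower-cased host from a URL or bare domain, minus 'www.'."""
    host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    return host[4:] if host.startswith("www.") else host


def classify(url: str, max_distance: int = 2):
    """Return ("trusted", host), ("lookalike", imitated_domain) or ("unknown", None)."""
    host = host_of(url)
    if host in TRUSTED:
        return ("trusted", host)
    best = min(TRUSTED, key=lambda t: osa_distance(host, t))
    if osa_distance(host, best) <= max_distance:
        return ("lookalike", best)  # near-miss spelling of a trusted site
    return ("unknown", None)


if __name__ == "__main__":
    for link in ["https://www.example-masks.co.uk/shop",  # genuine
                 "http://example-mask.co.uk/",            # dropped plural
                 "exmaple-masks.co.uk",                   # swapped letters
                 "unrelated-shop.example"]:               # not on the list
        print(link, "->", classify(link))
```

Edit distance only catches near-miss spellings; a trusted name placed as a subdomain of another site is reported as unknown and needs a separate check.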
As the UK continues to come out of lockdown, coronavirus is still a worrying and emotional topic for many. With so much uncertainty of what the future holds in the next few months, cyber-criminals will continue to try and profit. If you do receive a call, text or other communication that you think might be fake, or you’ve actually been a victim, contact Action Fraud or contact Citizens Advice Scams Action for more help.