How to spot and avoid Coronavirus scams
The current environment has allowed repugnant fraudsters to target our most vulnerable in a range of scams which, as of 20 March 2020, have led to approximately £960,000 being stolen from individuals. The City of London Police have reported a 400% increase in coronavirus-related scams and 105 crimes have been reported to Action Fraud, the UK’s national reporting centre for crime and cyber-crime. Many of these scams are ones we have seen before such as phishing sites or nasty malware attacking your computer. Others are related to online shopping scams involving highly sought-after items such as face masks and hand sanitizer.
Coronavirus text and email phishing scams.
When cybercriminals “phish,” they send fraudulent emails that seek to trick the recipient into opening a malware-laden attachment or clicking on a malicious link. “Smishing” simply uses text messages instead of email.
Action Fraud has warned about emails purporting to be from organisations including the US Centres for Disease Control and WHO are being sent with the aim of tricking you into opening malicious attachments or giving away your passwords.
Some of the latest email and text phishing scams to be aware of:
World Health Organisation – One email claims to come from the World Health Organization (WHO). It’s short and sweet, asking that you click on a link to a PDF offering advice on how to stay safe during the outbreak. Security Sophos has a detailed breakdown of what happens if you click the link, but broadly it shows you a pop-up in front of what looks like the WHO’s actual website asking you to input your email address and password so that you can receive the non-existent PDF.
Fake lockdown fines – People have been warned not to fall for a bogus text message saying they have been fined for stepping outside during the coronavirus lockdown. The scam message claims to be from the Government, telling the recipient their movements have been monitored through their phone and they must pay a fine or face a more severe penalty.
HMRC goodwill payment – The MET police are warning of a fake message designed to steal your account details that says ‘As part of the NHS promise to battle the COV-19 virus, HMRC has issued a payment of £258 as a goodwill payment’.
Free school meals – The Department for Education has issued warnings about a scam email designed to steal your bank details saying: ‘As schools will be closing, if you’re entitled to free school meals, please send your bank details and we’ll make sure you’re supported.’
WhatsApp request to forward your code – A recent scam could grant hackers full access to your WhatsApp messages, photos and videos. Someone who knows your phone number could request to register your WhatsApp on a different device, and when a verification code is sent to you, the hacker will then message you to try and coax you into forwarding this on to them. They could then target your contacts with requests for money.
Be wary of calls, and even visitors to your home – People are being warned to expect an increase in scam calls. These could follow typical patterns of callers claiming to be authority figures, which may include the police, HMRC or your bank, and involve requests to transfer money or hand over sensitive account login information, or your PIN code. We may also see an increase in scams involving subscription accounts, such as Amazon Prime, claiming that an account has been hacked and requesting you enter your details to address the issue. We’ve also seen reports of particularly nasty scams where criminals are taking advantage of older people by knocking on their doors and gaining access to their house, where residents can be robbed or worse.
How to spot and avoid coronavirus scams
So what can you do to protect yourself against scams and misinformation? Broadly the things to watch out in emails and other messages are:
Unsolicited emails and texts: be careful of anything you weren’t expecting that claims to be from an organisation such as a bank, BT, Sky, PayPal, Microsoft, the BBC and other large, trusted organisations. And at the moment, particularly watch out for unsolicited emails claiming to come from health bodies such as the NHS, the WHO and the Centres for Disease Control and Prevention (CDC).
An urgent tone: phishing and smishing messages are designed to scare you into clicking on their links.
Grammar and spelling: the phishing email claiming to come from the WHO is clumsily written and has typos such no spaces after commas.
No name: legitimate emails from services you have accounts with will always address you by name. Phishing emails and smishing texts usually start with ‘Dear Sir’ or ‘Dear Customer’.
Fake domains: scammers often set up website addresses that look legitimate in order to trick you. Security researchers Digital Shadows say more than 1,400 domains linked to the Covid-19 disease have been registered in the past three months. While many of those may well be legitimate, others will almost certainly be used to trick anxious consumers into thinking they’re genuine.
Fact check: When it comes to claims circulating via social media, there are a couple of things you can check. Snopes is the original fact-checking website: if it’s not true, Snopes has probably written it up. Other fact-checking websites are also worth keeping an eye on – Full Fact is a British website that can be trusted, while Channel 4 News has its own Fact Check website.
Update software: Above all, make sure your computer, mobile phones and tablet software are up to date, and for Windows, Macs and Android devices, you should install antivirus software and keep that up to date, too. Antivirus will warn you if you’re visiting a website that’s been reported for phishing or that contains malware.
If you’ve been scammed, report what’s happened to Action Fraud, the UK’s national centre for reporting fraud and cybercrime.
You can also contact The Advice Centre on firstname.lastname@example.org if you need advice and guidance after a scam.