The National Cyber Security Centre (NCSC) is reporting a 400% uplift in COVID-19 online scams upto mid-March 2020. In response, the NCSC has produced a helpful guidance document ‘Home working: preparing your organisation and staff’ available to view here https://www.ncsc.gov.uk/guidance/home-working
Experts from the NCSC reveal a range of attacks are being perpetrated online as cyber criminals seek to exploit COVID-19.Techniques seen since the start of the year include bogus emails and fraudulent online selling sites.
The NCSC has created some top tips in spotting phishing emails:
- Many phishing emails have poor grammar, punctuation and spelling.
- Is the design and overall quality what you’d expect from the organisation the email is supposed to come from?
- Is it addressed to you by name, or does it refer to ‘valued customer’, or ‘friend’, or ‘colleague’? This can be a sign that the sender does not actually know you, and that it is part of a phishing scam.
- Does the email contain a veiled threat that asks you to act urgently? Be suspicious of words like ‘send these details within 24 hours’ or ‘you have been a victim of crime, click here immediately’.
- Look at the sender’s name. Does it sound legitimate, or is it trying to mimic someone you know?
- If it sounds too good to be true, it probably is. It’s most unlikely that someone will want to give you money, or give you access to a secret part of the Internet.
- Your bank, or any other official source, should never ask you to supply personal information from an email.
For further information on the NCSC, including their extensive range of business related resources, please visit https://www.ncsc.gov.uk/
‘Action Fraud’ (the UK’s national reporting centre for fraud and cybercrime) state they have received 105 COVID-19 fraud reports since 1st February 2020 totalling a value of £970,000. The majority of reports relate to fraudulent online selling sites selling personal protective equipment that has never been delivered.
Action Fraud have also received over 200 reports of COVID-19 themed phishing emails. These attempt to trick people into opening malicious attachments which could lead to fraudsters stealing people’s personal information, email logins and passwords, and banking details.
Some of the tactics being used in phishing emails include:
- Fraudsters purporting to be from a research group that mimic the Centre for Disease Control and Prevention (CDC) and World Health Organisation (WHO). They claim to provide the victim with a list of active infections in their area but to access this information the victim needs to either: click on a link which redirects them to a credential-stealing page; or make a donation of support in the form of a payment into a Bitcoin account.
- Fraudsters providing articles about the COVID-19 outbreak with a link to a fake company website where victims are encouraged to click to subscribe to a daily newsletter for further updates.
- Fraudsters sending investment scheme and trading advice encouraging people to take advantage of the COVID-19 downturn.
- Fraudsters purporting to be from HMRC offering a tax refund and directing victims to a fake website to harvest their personal and financial details. The emails often display the HMRC logo making it look reasonably genuine and convincing.
- Fraudsters purporting to be from TV Licencing stating there are problems with customer billing, asking for updated personal and banking details.
For further information on Action Fraud, including their 24/7 live (real time) reporting of business related cyber attacks please visit https://www.actionfraud.police.uk/campaign/24-7-live-cyber-reporting-for-businesses
In addition to the online threats, The Chartered Trading Standards Institute (CTSI) is urging the public to be on their guard for bogus healthcare officials visiting the homes of the elderly and vulnerable offering door-to-door COVID-19 home testing. The criminals seek to gain entry to the home to steal money and other property.
Our partners from West Midlands Police are also receiving reports of bogus Police Officers operating within the force area, visiting the vulnerable and elderly claiming to be making COVID-19 home visits in order to steal cash and valuables. Furthermore, heartless con-artists are knocking on the doors of elderly residents offering to run shopping trips – but taking the cash or bank cards and never returning. The force’s Victim Care Unit are working with a number of local charities for the elderly to send out warning letters and emails to generate publicity. The Police are advising anyone who has concerns of people acting suspiciously to ring 999 providing as much detail as they can.
Police are also aware of a scam text circulating, purportedly from UK Government, telling victims that a £35 fine has been issued for leaving their homes 3 times in 1 day. The text provides a weblink to pay the fine. UK Government has confirmed this is a hoax and urges victims to not click on any links within the message.
For the very latest news and updates from West Midlands Police please visit https://www.west-midlands.police.uk/news You can also sign up for their free community messaging system by visiting https://www.wmnow.co.uk/
Colmore BID is continuing to liaise with partners to obtain more community safety information about the various threats, risks and services aimed to support businesses and their employees. More details of these will be shared once they have been provided to us.
We remains available to support our businesses, as well as our public sector partners. Please contact the team in the usual way, or email firstname.lastname@example.org.
You can keep up to date with the latest announcements from us by subscribing to our mailing lists. You can join these by emailing email@example.com. You can also follow us on Twitter, Facebook and Linkedin.