Fraud newsletter – April 2020
As we continue to adjust to working from home in order to help combat the spread of Covid-19, the newest issue of our bi-monthly fraud update focusses on the increased potential for fraud in the wake of the current crisis. Whilst most view the pandemic as the greatest threat to both public health and the global economy for generations, there are those who see an opportunity to defraud a captive market now under effective house arrest.
The most recent figures depict a new, but perhaps unsurprising, trend in fraud related to COVID-19: since 1 February 2020 there have been 105 reports to Action Fraud, with total losses reaching nearly £970,000. The majority of these reports concern online shopping scams whereby people have ordered face masks, hand sanitiser and other products that have not arrived. Not included in those figures, however, are the over 200 reports received by Action Fraud of COVID-19-themed phishing emails designed to steal personal information, login credentials and banking details. Most alarmingly, fraudsters are purporting to be from research groups that mimic the Centre for Disease Control and Prevention (CDC) and the World Health Organisation (WHO). The emails claim to provide a list of active infections in their area if the individual opens a link to a credential-stealing page or makes a donation in support. With fraudsters looking to exploit the consequences of the pandemic, it is likely that we will see a continued increase in these types of scams. It is therefore imperative that individuals continue to complete appropriate due diligence to ensure that the links they are clicking on and the accounts they are transferring money to are genuine.
The trade association UK Finance is calling for the public to remain vigilant to the risk of smishing or spoofing text messages. Smishing is when fraudsters use text messages impersonating other organisations to trick people into giving away their personal and financial information or into transferring money. Spoofing is where those messages can appear in a chain of genuine messages from that organisation. Fraudsters are seeking to exploit the current social distancing measures introduced by the Government. The fake text messages may claim the recipient has to make a penalty payment after being seen leaving their house on several occasions on the same day or offering payments related to the COVID-19 outbreak. Financial firms have therefore urged customers to avoid clicking on any links contained within text messages and to contact the proposed recipient organisation on a trusted phone number (if necessary).
With the majority of employees working from home for what we hope is a relatively short time there are compromises to be found for many of the challenges facing businesses. There should, however, be no compromise on security. Fraudsters are taking advantage of the fact that individuals working remotely have not applied the same security on their home networks that would be in place in a corporate environment. Organisations should ensure that employees have the right technologies and understand the security policies to avoid compromising business security. The World Economic Forum has issued guidance to both businesses and employees who are working from home. Failure to maintain the integrity of a business' cyber security will inevitably invite fraudsters seeking to take advantage of the weaknesses exposed by the current pandemic. Everyone, both employers and employees, shares the critical role and responsibilities of securing the business so that cyberattacks do not further antagonise an already disrupted working environment.
Recent articles relating to Covid-19: