21 Oct, 2020
Since the beginning of the COVID-19 pandemic, people and businesses around the world have relied on the internet in an unprecedented way. Family get-togethers and business meetings alike have given way to virtual calls. We rely more heavily on going online for communications, buying and selling, getting our news, enjoying our entertainment and much, much more. This, along with the uncertainly and concern caused by the pandemic, has resulted in a perfect storm for cybercriminals to exploit the situation.
CEO of Get Safe Online, Tony Neate, says: “At Get Safe Online, we’ve heard about many, many scams, from fake news to people offering vaccines. Even with my long career in cybersecurity, it never fails to amaze me how low some people will sink to exploit innocent people’s uncertainty and misery. Please make yourself, your family and friends acquainted with our list scams on this page, particularly the more vulnerable people you know.
“Also, there’s a great list of back-to-basics tips for both individuals and businesses in our new Online Survival Guide.”
The scams that we have heard about to date include (in no particular order):
- Travel-related scams, including fake caravan and motorhome listings, refund offers and travel deals as criminals take advantage of uncertainty around coronavirus travel restrictions and cancellations
- Fake calls, emails and text messages claiming to be from NHS test and trace staff, requesting payment for a COVID-19 test, confidential details or asking you to visit a fake website which either captures your personal details or results in a malware infection
- Fake links to Microsoft Teams and Google Meet, in addition to similar, more highly publicised fake links to Zoom
- Fake text messages about contact-tracing apps, inviting you to click on links which are actually fraudulent and download malware on to your device
- email purporting to be from your employer asking for personal details as part of you returning to work
- fake advertisements on social media and pet sales websites advertising pets that do not exist, including requesting deposits and fees for transport and vaccinations
- email purporting to be from the supermarket chain Iceland, advertising priority delivery slots for vulnerable customers
- Phone calls purporting to be from your bank offering to collect money as a service to vulnerable people. Cards have been collected and funds withdrawn.
- email entitled “You are infected”, in which you are asked to download an Excel attachment and proceed to the nearest emergency health clinic for testing. The Excel document is infected with malware.
- A huge increase in the number of blackmail emails claming that the sender has detected you viewing porn, and demanding a ransom to avoid this being revealed to youir contacts. These sometimes quote a password you do or have used, but you should not respond or pay, as they have nothing on you.
- emails specifically targeting the elderly, selling pre-paid funerals and Power of Attorney services
- emails purporting to be from a major retailer (including Tesco and Argos) offering free vouchers to help support people during the outbreak. The emails feature a fraudulent link.
- emails offering Coronavirus insurance cover, or thanking you for purchasing insurance and providing a link to your ‘documents’. You cannot buy insurance against Coronavirus.
- emails, social media posts and texts advertising Coronavirus testing kits for home use and for use by businesses to test their workforce. These do NOT exist.
- emails telling you that you have been fined for not observing lockdown rules
- emails and other messages claiming to be from the Department of Education, offering free school meals whilst schools are closed, and requesting bank details
- Fake advertisements for protective masks
- Fake advertisements for sanitising gel
- Fake advertisements for vaccines (these do not currently exist)
- Someone selling Coronavirus ‘cure’ online that actually contained harmful chemicals
- Links to fake / sensational news, photos and video and unorthodox ways to gain protection, in reality designed purely to spread panic, gain clicks and sell newspapers.
- Appeals from fake charities (either with made-up names, or fraudsters impersonating real charities) for donations
- Fake text messages offering NHS and other frontline employees tax refunds from HMRC to say ‘thank you’ for their efforts
- Fake emails, texts or posts offering Coronavirus diagnoses
- Online maps of Coronavirus geographical hotspots, which infect your device with malware
- Phone calls and emails offering high return, low risk investments
- Phone calls and emails urging you to take money out of your pension pot, or transfer your entire savings to a higher return, lower risk option
In the case of the fake advertisements, hopeful customers make payments for the items, often by bank transfer, never to see the products they have ordered, nor their money, ever again. The links and email attachments generally lead to fraudulent websites which request your confidential details, or malware infections on the computer or other device you use to view them.
Neate explains why it is so easy for fraudsters to operate under the current circumstances: “It’s a double-whammy: most of us are understandably concerned or at least uncertain about what’s going to happen in the short to medium term. This means that we might tend to drop our guard, and exercise less caution than usual when carrying out everyday tasks online.”
Our expert advice
- Do not get tempted into ordering Coronavirus-related products online, especially if it calls for payment by any means except credit card (which normally affords additional protection).
- Do not believe in everything you read, but instead get your up-to-date Coronavirus advice from official sources such as: https://www.nhs.uk/conditions/coronavirus-covid-19/
- Check the authenticity of charity appeals
- Be wary of approaches from supposed travel agents, tour operators, airlines, cruise companies, insurance companies or compensation firms promising to deal with refunds on travel, accommodation and event entry. If in doubt, call companies you have been dealing with, on the phone number you know to be correct.
As a result of the current situation, almost all businesses have sent their employees home to work unless it is impossible to do so, and in an essential sector. Business owners are urged to provide training and advice on how to work remotely without compromising the safety and security of companies and their networks, data and devices. Tony Neate added this warning: “Don’t assume that your staff are necessarily up to speed on working safely at home … it’s a very different environment from the relatively secure systems and processes to be found in many offices. We have very comprehensive, easy to follow advice at getsafeonline.org/business.“
- How fraudsters trick you out of your money
- Get Safe Online Caribbean Cyber Heroes announced
- Must-avoid COVID-19 scams
- Get Safe Online Global24 Activities Update
- Digital safety and safeguarding children and young people from harmful influences online
- Lock down on burglaries this summer
- Cyber security update for all health and social care staff
- Security-by-design: the inside-out approach to combat IOT breaches
- Online safety advice for parents during lockdown
- Three things popular culture can teach us about cybersecurity